Sanitizing forms in vibe.d. How?
Adam D. Ruppe via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Thu Dec 15 11:52:42 PST 2016
On Monday, 12 December 2016 at 10:25:05 UTC, aberba wrote:
> How about alternative to php strip_tags(), strip_slash() ?

I wouldn't use those functions anyway in most cases: instead of
stripping stuff, just encode it properly for the output.

So, if it is being output to JSON or javascript, json encode it.
If it is going to HTML, html encode it. If a URL, url encode it.
If to a database, use a prepared statement.

You may need to use multiple layers. A link may be both URL and
HTML encoded, because first it is a url, then it is being added
to a html document so it needs that too.

I don't know the vibe library, but my dom.d has a bunch of
options for html encode.
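
The layered encoding described in the reply above, as an added example that is not part of the original post and does not use dom.d or vibe.d. It relies only on Phobos (`std.uri.encodeComponent`, `std.array.replace`); `htmlEncode` and `searchLink` are hypothetical helpers written for this illustration, and the input string is constructed.

```d
import std.array : replace;
import std.stdio : writeln;
import std.uri : encodeComponent;

/// Encode text for an HTML text node or a quoted attribute value.
/// Hypothetical helper for this example; '&' must be replaced first
/// so the entities produced by the later steps are not re-encoded.
string htmlEncode(string s)
{
    return s.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}

/// Build a link whose query parameter and visible text both come
/// from untrusted input. Hypothetical helper for this example.
string searchLink(string query)
{
    // Layer 1: the value is one URL query component, so it is
    // percent-encoded before being placed into the URL.
    string url = "/search?q=" ~ encodeComponent(query) ~ "&lang=en";

    // Layer 2: the finished URL is placed into an HTML attribute, so
    // the whole URL is HTML-encoded. This covers the literal '&'
    // separator and characters such as the apostrophe that
    // percent-encoding leaves untouched.
    // The link text is a different context: HTML encoding only,
    // no URL encoding.
    return `<a href="` ~ htmlEncode(url) ~ `">Results for `
        ~ htmlEncode(query) ~ `</a>`;
}

void main()
{
    // Constructed sample input containing URL and HTML metacharacters.
    string query = `it's cats & "dogs" <b>`;
    writeln(searchLink(query));
}
```

Nothing is stripped from the input: the same string is encoded differently for each destination, and the original value is recovered when the browser decodes the attribute and the server decodes the query component.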