Html escaping for security: howto in D?
aberba
karabutaworld at gmail.com
Mon Jul 6 15:13:30 UTC 2020
On Monday, 6 July 2020 at 11:56:17 UTC, Fitz wrote:
> Hello (I am a newbie to dlang)
>
> What's the recommended way to escape user input when outputting
> html?
>
> intent: to stop XSS/etc, see
> https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
>
> thanks in advance!
>
> Fitz
stripTags() is for when you want to leave other safe tags in
comments.
If you want to completely removed all tags,
https://code.dlang.org/packages/plain might be better.
More information about the Digitalmars-d
mailing list