Html escaping for security: howto in D?
Fitz
fitz at figmentengine.com
Tue Jul 7 17:59:21 UTC 2020
On Monday, 6 July 2020 at 15:13:30 UTC, aberba wrote:
> If you want to completely remove all tags,
> https://code.dlang.org/packages/plain might be better.
seems overkill, just implemented something simple:
// https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
import std.array : appender;

// Replace the characters that are significant in HTML with entities,
// so that the input is rendered as text rather than parsed as markup.
string encodeSafely(string input) {
    auto w = appender!string;
    foreach (c; input) {
        switch (c) {
            case '&':
                w ~= "&amp;";
                break;
            case '<':
                w ~= "&lt;";
                break;
            case '>':
                w ~= "&gt;";
                break;
            case '"':
                w ~= "&quot;";
                break;
            case '\'':
                w ~= "&#x27;";
                break;
            case '/':
                w ~= "&#x2F;";
                break;
            default:
                w ~= c;
                break;
        }
    }
    return w[];
}