Html escaping for security: howto in D?

Adam D. Ruppe destructionator at gmail.com
Wed Jul 8 02:17:31 UTC 2020


On Tuesday, 7 July 2020 at 23:19:46 UTC, aberba wrote:
>> I believe Adam (arsd) has some function in his
>> library for doing html entities of tags.
>
> See 
> https://dpldocs.info/experimental-docs/arsd.dom.htmlEntitiesEncode.html

Yeah, that function will encode basically everything so you can 
concat it into HTML.

My libs also have sanitation functions that go even further - you 
can do a html tag and attribute whitelist via the dom (html.d in 
my repo) and construct things with those functions too (using 
just dom.d for this). But I haven't documented all that stuff so 
you're kinda on your own in figuring it all out... that's why I 
don't advertise as much as the others.

It is easy to use once you get to know it but instead of writing 
beginner-friendly documentation I often just answer individuals' 
emails. Maybe I will blog about it later though.
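
Added example, not part of the original post and not arsd's code: a self-contained D program (Phobos only) showing the encode-at-concatenation approach the message describes, plus a scheme allowlist for links, since entity encoding alone does not neutralize a `javascript:` URL. The names `escapeHtml`, `isHttpUrl` and `renderComment` are hypothetical, and the sample strings are constructed.

```d
import std.algorithm.searching : startsWith;
import std.array : appender;
import std.stdio : writeln;
import std.uni : toLower;

// Hypothetical helper, not arsd's implementation: encodes the characters
// that can end a text node or a quoted attribute value.
string escapeHtml(string input)
{
    auto result = appender!string();
    foreach (dchar c; input)
    {
        switch (c)
        {
            case '&':  result.put("&amp;");  break;
            case '<':  result.put("&lt;");   break;
            case '>':  result.put("&gt;");   break;
            case '"':  result.put("&quot;"); break;
            case '\'': result.put("&#39;");  break;
            default:   result.put(c);        break;
        }
    }
    return result.data;
}

// Encoding does not make a javascript: URL safe, so links get a scheme allowlist.
bool isHttpUrl(string url)
{
    return url.toLower.startsWith("http://", "https://") != 0;
}

// Hypothetical renderer: every untrusted value is encoded where it is
// concatenated, and the attribute value is always double-quoted.
string renderComment(string author, string homepage, string text)
{
    string link = isHttpUrl(homepage) ? escapeHtml(homepage) : "#";
    return `<p><a href="` ~ link ~ `">` ~ escapeHtml(author) ~ `</a>: `
        ~ escapeHtml(text) ~ `</p>`;
}

void main()
{
    // Constructed sample input standing in for untrusted form fields.
    string text = `</p><script>alert(1)</script> & more`;
    string url = `https://example.com/?q="><x y='`;
    assert(escapeHtml(text) == `&lt;/p&gt;&lt;script&gt;alert(1)&lt;/script&gt; &amp; more`);
    assert(escapeHtml(url) == `https://example.com/?q=&quot;&gt;&lt;x y=&#39;`);
    writeln(renderComment(`Eve "E" <eve>`, url, text));
    writeln(renderComment("Mallory", "javascript:alert(1)", "hi"));
}
```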

