Also called: "html entities", "html escaping"
HTML encoding converts characters that have special meaning in HTML into entities, so the browser displays them as literal text instead of interpreting them as markup.
Common entities
- &lt; : < (less than).
- &gt; : > (greater than).
- &amp; : & (ampersand).
- &quot; : " (double quote).
- &#39; (or &apos;) : ' (apostrophe).
- &nbsp; : non-breaking space.
Why encode?
- Prevent browsers from interpreting characters as HTML tags.
- Display reserved characters literally.
- Prevent cross-site scripting (XSS) attacks.
- Properly render special and international characters.
Numeric encoding
- Decimal: &#60; (the < symbol, code point 60).
- Hexadecimal: &#x3C; (the < symbol, code point 0x3C).
Security use
- Essential for preventing XSS when displaying user input.
- Encode all untrusted data before inserting into HTML.
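The following is an added example, not code from the original page: a small JavaScript HTML encoder covering the named entities and the numeric (decimal and hexadecimal) forms listed above, alongside a deliberately unsafe render function and its encoded counterpart so the difference is visible on constructed input. The function names, the sample input and the card template are assumptions made for this example.

```javascript
// Added example (not from the original page): encoding untrusted text before
// it is inserted into an HTML body or a quoted attribute value.

// Characters that can change HTML structure, mapped to their named entities.
// Ampersand is included so that text which is already encoded is not decoded
// again by the browser (e.g. "&lt;" must become "&amp;lt;").
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five structural characters using named entities.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Numeric encoding of every character outside a conservative safe set.
// Decimal (&#60;) and hexadecimal (&#x3C;) forms are equivalent to the browser.
function escapeHtmlNumeric(untrusted, { hex = false } = {}) {
  return Array.from(String(untrusted), (ch) => {
    if (/^[A-Za-z0-9 ]$/.test(ch)) return ch;
    const cp = ch.codePointAt(0); // full code point, also for surrogate pairs
    return hex ? `&#x${cp.toString(16).toUpperCase()};` : `&#${cp};`;
  }).join("");
}

// Vulnerable pattern: user-supplied text is spliced into markup unchanged,
// so a name containing a quote can escape the attribute and a name containing
// "<" can open a new tag.
function renderUnsafe(name) {
  return `<div class="card" title="${name}">Hello, ${name}!</div>`;
}

// Hardened pattern: encode once, then use the encoded value in both the
// attribute value and the text node.
function renderSafe(name) {
  const safe = escapeHtml(name);
  return `<div class="card" title="${safe}">Hello, ${safe}!</div>`;
}

// Constructed sample input exercising all five structural characters.
const SAMPLE = `Bob <b>"the" & 'only'</b>`;

console.log(renderUnsafe(SAMPLE)); // markup and attribute boundary are broken
console.log(renderSafe(SAMPLE));   // rendered as literal text by the browser
console.log(escapeHtmlNumeric("<", { hex: true })); // &#x3C;
```

This encoder is only correct for the HTML body and quoted attribute contexts; data placed into a URL, a JavaScript string or a CSS value needs the encoding rules of that context instead, and unquoted attribute values should be avoided altogether because no short entity list makes them safe.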