将代码段存储在数据库中 [英] storing code snippets in a database
问题描述
我想制作一个代码片段数据库Web应用程序.将其存储在数据库中的最好方法是对所有内容进行html编码以防止在网页上显示摘要时阻止XSS吗?
I want to make a code snippet database web application. Would the best way to store it in the database be to html encode everything to prevent XSS when displaying the snippets on the web page?
感谢您的帮助!
推荐答案
数据库与此无关.您只需将代码片段呈现为HTML即可对其进行转义.
The database has nothing to do with this; you simply need to escape the snippets when they are rendered as HTML.
至少,您需要将所有&
编码为&
,并将所有<
字符编码为<
.
At minimum, you need to encode all &
as &
and all <
characters as <
.
但是,您的服务器端语言已经具有内置的HTML编码功能.您应该使用它而不是重新发明轮子.有关更多详细信息,请告诉我们您的服务器端代码所使用的语言.
However, your server-side language already has a built-in HTML encoding function; you should use it instead of re-inventing the wheel. For more details, please tell us what language your server-side code is in.
根据您之前的问题,我假设您正在使用PHP.
如果是这样,您正在寻找 htmlspecialchars
或 htmlentities
函数.
Based on your previous questions, I assume you're using PHP.
If so, you're looking for the htmlspecialchars
or htmlentities
functions.
这篇关于将代码段存储在数据库中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!