I am starting to use the Share button from Google. I am actually using the Share link, and at some point in the docs it says this:
Note: Replace {URL} with the URL of the page you want to share. You
must properly escape any user-generated content that may occur within
{URL}
What does that mean, and how can I escape this?
To escape something means that you convert possibly harmful characters into something that is not harmful for the computer to translate.
For example:
is a possibly harmful string of contents, mainly because you're storing plain JavaScript somewhere in your application.
When escaping this you’re basically turning this into something not harmful at all.
Example:
Now you’ve turned the harmful script into normal characters and when printed or stored you will not have to worry about a harmful script being injected into your code.
Another example of escaping characters is this:
Now, this unescaped in JavaScript code would produce an error because the string has been terminated and the word ‘world’ is now a variable and then a new string starts.
This is the same string escaped to allow for quotation marks.
And it’s perfectly valid!
What Dillen suggests is exactly the right way for you to solve your problem but I thought explaining the escaping method would be appropriate as well.
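
As an added example (not part of the answer above or of Google's documentation), this JavaScript escapes user-generated content for each context it passes through on the way into a share link: the URL parameter that replaces {URL}, the HTML attribute that holds the link, and a JavaScript string literal. The `share.example` endpoint, the `title` parameter, the function names and the sample strings are assumptions made for illustration.

```javascript
// Added example. SHARE_TEMPLATE is a placeholder endpoint, not Google's real one.
const SHARE_TEMPLATE = "https://share.example/share?url={URL}";

// Context 1: HTML text and attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Context 2: a JavaScript string literal inside an inline <script> block.
// JSON.stringify escapes quotes and backslashes; "<" is also escaped so the
// value can never contain a literal "</script>".
function toJsLiteral(text) {
  return JSON.stringify(String(text)).replace(/</g, "\\u003c");
}

// Context 3a: user content placed in the query string of the page being shared.
// Assumes `base` has no query string of its own.
function buildPageUrl(base, userTitle) {
  return `${base}?title=${encodeURIComponent(userTitle)}`;
}

// Context 3b: the whole page URL becomes one parameter value of the share link,
// so it is percent-encoded again. A replacer function is used so "$" sequences
// in the value are never treated as replacement patterns.
function buildShareLink(pageUrl) {
  return SHARE_TEMPLATE.replace("{URL}", () => encodeURIComponent(pageUrl));
}

// The share link goes into an href attribute, so it is HTML-escaped last.
function shareAnchor(pageUrl, label) {
  return `<a href="${escapeHtml(buildShareLink(pageUrl))}">${escapeHtml(label)}</a>`;
}

// Constructed sample input standing in for user-generated content.
const userTitle = `Tom's "best" post</a><script>alert(1)</script>&ref=x`;
const pageUrl = buildPageUrl("https://blog.example/post", userTitle);
console.log(buildShareLink(pageUrl));
console.log(shareAnchor(pageUrl, userTitle));
console.log(toJsLiteral('hello "world"'));
```

Each escaping function matches one output context; applying the HTML escaper to a URL parameter, or the URL encoder to HTML text, does not give the same protection.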