How can I use HTML special characters with xmlhttp.open?
Please bear with me as I am a newbie programmer. Is it because HTML special characters can be used in the call like this: xmlhttp.open("POST","login/login.php",true);
because when I check my url adding this
/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
turns
/"><script>alert('hacked')</script>
that someone says my site can be used.
Can anyone help me or link to a similar question?
Thanks in advance.
source to share
Use javascript encodeURIComponent when passing parameters in your ajax request, this will encode user data correctly.
Read here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
source to share