How can I use HTML special characters with xmlhttp.open?

Please bear with me as I am a newbie programmer. Is it because HTML special characters can be used in the call like this: xmlhttp.open("POST","login/login.php",true);

because when I check my URL, adding this

/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

turns into

/"><script>alert('hacked')</script>

that someone says my site can be used.

Can anyone help me or link to a similar question?

Thanks in advance.

+3




1 answer


Use JavaScript's encodeURIComponent when passing parameters in your Ajax request; this will encode user data correctly.



Read here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

+1
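An added example, not part of the original answer: building the POST body for the xmlhttp.open call from the question with encodeURIComponent. The field names username and password are assumptions. It goes one step beyond the answer by also showing HTML escaping, because URL encoding is undone when the server decodes the request, so a value written back into a page has to be escaped at that point.

```javascript
// Added example (not from the original post). Field names "username" and
// "password" are assumptions; login/login.php is the endpoint from the question.

// Build an application/x-www-form-urlencoded body. Each key and value goes
// through encodeURIComponent, so characters such as & = " < > cannot break
// out of their parameter.
function buildFormBody(fields) {
  return Object.keys(fields)
    .map(function (key) {
      return encodeURIComponent(key) + "=" + encodeURIComponent(String(fields[key]));
    })
    .join("&");
}

// URL encoding is reversed by the server, so any value that is later written
// into a page still needs HTML escaping where it is output.
function escapeHtml(text) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Browser-only: send the encoded body with the call from the question.
function sendLogin(fields, onDone) {
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.open("POST", "login/login.php", true);
  xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState === 4) { onDone(xmlhttp.status, xmlhttp.responseText); }
  };
  xmlhttp.send(buildFormBody(fields));
}

// Constructed sample input: the string from the question, plus a value
// containing & and = to show that parameters are not split.
var sample = { username: "\"><script>alert('hacked')</script>", password: "a&b=c" };
var body = buildFormBody(sample);
// What the server sees after decoding the first parameter's value.
var roundTrip = decodeURIComponent(body.split("&")[0].split("=")[1]);
console.log(body);
console.log(escapeHtml(roundTrip));
```

encodeURIComponent leaves the characters ' ( ) unencoded, which is why they appear unchanged in the body; it protects the structure of the request, not the HTML that is later rendered.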

