Originally posted by Alan Cavanagh:
Forms are implicitly encoded/decoded. But from a security perspective do I need to check for anything server side?
Again, the URL encoding has absolutely nothing to do with security. Do not confuse encoding with encryption. If you want security, that's where SSL comes in.
As for storing data. I won't be storing URLs.
Then you don't need to worry about URL encoding. No URLs, no URL encoding.
Do I store the encoded version on my database?
No. Again, URL encoding will do nothing for you with regards to security or hacking or anything along those lines.
So I'm guessing I would have to encode those links?
Depends how the URLs are being generated. In JavaScript? In Java? With the JSTL?
I'm not sure what HTML encoding is for though?
To encode text data so that it doesn't interfere with HTML parsing. For example, putting angle brackets in your text can boof up the HTML parsing, so those characters must be encoded to display correctly.
[ August 25, 2008: Message edited by: Bear Bibeault ]
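
The two encodings discussed in this thread, shown together as an added example that is not part of the original posts: a generated link URL-encodes its parameter values, then HTML-encodes the finished URL and label for the page. The function names and sample values are hypothetical, and `path` is assumed to be a fixed application path rather than user input.

```javascript
// Added example; htmlEncode, buildUrl and buildLink are hypothetical helpers.

// HTML encoding: make text safe inside element content or a double-quoted
// attribute, so the browser cannot parse it as markup.
function htmlEncode(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// URL encoding: percent-encode every parameter name and value so characters
// such as '&', '=', '#' and spaces cannot change the structure of the URL.
function buildUrl(path, params) {
  const query = Object.entries(params)
    .map(([name, value]) => encodeURIComponent(name) + '=' + encodeURIComponent(value))
    .join('&');
  return query ? path + '?' + query : path;
}

// A link needs both layers, in this order: URL-encode the data that goes
// into the URL, then HTML-encode the whole URL and the visible label.
function buildLink(path, params, label) {
  return '<a href="' + htmlEncode(buildUrl(path, params)) + '">' +
    htmlEncode(label) + '</a>';
}

// Constructed sample input: a search term containing URL and HTML
// metacharacters.
const term = 'a&b=<c>';
const url = buildUrl('/search', { q: term, page: '2' });
const link = buildLink('/search', { q: term, page: '2' }, 'Results for ' + term);

console.log(url);
console.log(link);

// Encoding is reversible by anyone and hides nothing, which is why it is
// not a substitute for encryption in transit.
console.log(decodeURIComponent('a%26b%3D%3Cc%3E') === term);
```
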