When should I HTML-escape data in my code and when should I URL-escape? I am confused about which one when to use...
For example, given a element which asks for an URL:
<input type="text" value="DATA" name="URL">
Should I HTML-Escape DATA
here or URL-escape it here?
And what about an element:
<a href="URL" title="URL">NAME</a>
Should URL
be URL-escaped or HTML-escaped? What about NAME
?
Thanks, Boda Cydo.