I need to retrieve some HTML tags from a database to display in my page. But when the web server outputs the query result (a small HTML chunk), it encodes the HTML before outputting on the page.

Example: <a> becomes &lt;a&gt;

The server behavior cannot be changed. If I could change it, I would!

Is there a way I can encode my HTML chunk before storing it in the db so when the server renders the page, the chunk gets encoded/decoded(?) and it gets displayed properly?

I'm not sure it's even possible.

+1  A: 

No. If the output stage is HTML-encoding data it fetches from the database, that's because it is designed to handle the database content as text, and is deliberately not allowing HTML output. That's usually what you want to do, as if someone can inject data into the database that displays as raw HTML, you've potentially got cross-site-scripting security problems.

If you want raw HTML output, you must change the output stage to not escape markup characters. There is no possible “more unencoded than raw” format that would output raw HTML when encoded.

bobince
It's a private web site, so there are no XSS security concerns. But from what you are telling me, there is no way to 'trick' the server to encode so it gets transformed into valid HTML. I thought so.
Philippe
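
The answer's point, shown as an added example that is not part of the original thread: whatever pre-encoding is stored, an escaping output stage never emits a literal `<` or `>`, so the chunk is always displayed as text, and only an explicit opt-out in the output stage yields markup. Python's `html.escape` stands in for the unknown server's encoder, and `TrustedHTML`, `render` and the sample fragment are hypothetical names constructed for illustration.

```python
import html
from urllib.parse import quote

FRAGMENT = '<a href="/docs">docs</a>'  # constructed sample chunk


class TrustedHTML(str):
    """Hypothetical marker type: markup the application itself vouches for."""


def render(value):
    """Output stage: escape everything unless explicitly marked trusted."""
    if isinstance(value, TrustedHTML):
        return str(value)
    return html.escape(value, quote=True)


def pre_encodings(fragment):
    """Ways one might try to pre-encode the chunk before storing it."""
    return {
        "raw": fragment,
        "entities": html.escape(fragment),
        "numeric refs": "".join(f"&#{ord(c)};" for c in fragment),
        "percent": quote(fragment, safe=""),
        "js escapes": fragment.replace("<", "\\u003c").replace(">", "\\u003e"),
    }


def survives_as_markup(stored):
    """True if the escaped output still contains a literal tag delimiter."""
    out = render(stored)
    return "<" in out or ">" in out


def displayed_text(stored):
    """What the browser shows: it decodes entities exactly once, as text."""
    return html.unescape(render(stored))


def escape_never_emits_delimiters():
    """Check every BMP code point: its escaped form has no '<' or '>'."""
    return all(
        "<" not in html.escape(chr(cp)) and ">" not in html.escape(chr(cp))
        for cp in range(0x10000)
    )
```

Each stored variant is displayed exactly as it was stored, encoding included, which is why the escaping has to be lifted in the output stage and only for values the application marks as trusted.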