html-escape-characters

.NET Method for converting String to HTML Escape Characters

I want to convert an e-mail address into HTML Escape Characters as a basic way to try and avoid being harvested by spam-bots. As mentioned in this question: When placing email addresses on a webpage do you place them as text like this: [email protected] or use a clever trick to try and fool the email address ha...

Rails: Is it not possible/necessary to html_escape all email text (in the view)?

Hi there, can anyone tell me if it is normal and OK for Rails to turn a normal quotation mark (") into & q u o t ; (and not keep the normal quotation mark) when it is html_escape-d in an email view? I.e.: h(whatever_text_that_contains_normal_quotation_marks) in an email view "signup_mail.erb". Because that would mean that email conte...

Minimum requirements for escaping HTML output

What are the characters that are required and suffice when escaping user-generated content before output? (in other words: what are the characters web developers should escape when outputting text that previously came from an untrusted, anonymous source?) ...