Is there an elegant way of handling % character in web applications where the user is allowed to enter data?
A:
you need to escape % sign from input in your web development language. php/asp.net/python/ruby?
Axarydax
2010-03-26 13:36:36
A:
Can you be a little more specific? You can use JavaScript's encodeURIComponent if you need to append any data to a GET request. Otherwise if you are going to display data that has been entered you will need to escape it before display (using whatever web framework you are using), to prevent Cross-Site-Scripting.
Justin Ethier
2010-03-26 13:37:07
Actually we use POST requests. What we do in use another character such as "~" and stored this in the database. During display we again change "~" to "%" and display it. Is this how it is usually handled or is there a better approach. When we escape the "%" character we would use more than one character - this cuts-off the last few characters in the entered string (varchar).
Subramanian
2010-03-31 11:42:21
Justin Ethier
2010-03-31 13:19:44