| |
xkr.us / javascript / escape(), encodeURI(), encodeURIComponent()
by Acidus at 11:27 pm EST, Feb 9, 2008 |
The purpose of this article is to examine the differences between these three methods and decide on the appropriate times to use each.
Handy. |
| |
RE: xkr.us / javascript / escape(), encodeURI(), encodeURIComponent()
by fluortanten at 11:33 am EST, Feb 11, 2008 |
The purpose of this article is to examine the differences between these three methods and decide on the appropriate times to use each.
It doesn't highlight the i18n issues enough imho.
(In fact, the CSS highligthing of those sentences is rendered extremely faintly in my browser) |
|
| | |
RE: xkr.us / javascript / escape(), encodeURI(), encodeURIComponent()
by Acidus at 10:56 am EST, Feb 12, 2008 |
fluortanten wrote: The purpose of this article is to examine the differences between these three methods and decide on the appropriate times to use each.
It doesn't highlight the i18n issues enough imho.
(In fact, the CSS highligthing of those sentences is rendered extremely faintly in my browser)
Please elaborate! I do a fair bit of JavaScript programming and I doubt much of my code would work will with internationalization. In fact, the only issue I'm really aware of with internationalization applies to domain names, specifically the homograph attack from a few years back. |
|
| | | |
RE: xkr.us / javascript / escape(), encodeURI(), encodeURIComponent()
by fluortanten at 12:12 pm EST, Feb 26, 2008 |
To be clear I was just looking at it from a general (non-security) perspective there.
I'm afraid I can't elaborate much beyond "escape() ... this function fails to handle non-ASCII characters correctly" That should be highlighted just as much as "escape() will not encode: @*/+". I'm just sticking to simple rules like "don't use any function that doesn't handle unicode" when developing insecure webapps. |
|
|
|
