secure_output — Output encoding for HTML, JSON, URL, JS, CSS, XML, LDAP, and shell contexts (OWASP C4).
Provides the [OutputEncoder] open trait and concrete implementations:
- [
HtmlEncoder] — HTML context encoding with zero-copy for safe strings - [
JsonEncoder] — JSON context encoding preventing</script>injection - [
UrlEncoder] — URL percent-encoding per RFC 3986 - [
JsStringEncoder] — JavaScript string literal encoding - [
CssEncoder] — CSS context encoding via unicode-escape - [
XmlEncoder] — XML text/attribute encoding - [
ldap::LdapDnEncoder] — LDAP Distinguished Name encoding (RFC 4514) - [
ldap::LdapFilterEncoder] — LDAP search filter encoding (RFC 4515) - [
shell::ShellEncoder] — POSIX shell argument encoding
Also provides:
- [
sanitize_uri_scheme()] — blocks dangerous URI schemes (javascript:, data:, etc.)