Function otter_api_tests::otter_support::crates::otter_base::crates::htmlescape::encode_minimal
HTML entity-encode a string.
Entity-encodes a string with a minimal set of entities:
" -- &quot;
& -- &amp;
' -- &#x27;
< -- &lt;
> -- &gt;
Arguments
s - The string to encode.
Return value
The encoded string.
Example
let encoded = htmlescape::encode_minimal("<em>Hej!</em>");
assert_eq!(&encoded, "&lt;em&gt;Hej!&lt;/em&gt;");
Safety notes
Using the function to encode an untrusted string that is to be used as a HTML attribute value may lead to XSS vulnerabilities. Consider the following example:
let name = "dummy onmouseover=alert(/XSS/)"; // User input
let tag = format!("<option value={}>", htmlescape::encode_minimal(name));
// Here `tag` is "<option value=dummy onmouseover=alert(/XSS/)>"
Use escape_attribute for escaping HTML attribute values.
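The unquoted-attribute problem from the safety notes, as an added example that is not part of the htmlescape documentation or source. `minimal_encode` re-implements the five-entity table listed above; `attr_encode` and `attr_names` are hypothetical helpers written for this illustration.

```rust
// Added illustration: local re-implementations, not the htmlescape crate's code.

/// The five-entity table documented for encode_minimal.
fn minimal_encode(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '"' => out.push_str("&quot;"),
            '&' => out.push_str("&amp;"),
            '\'' => out.push_str("&#x27;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            _ => out.push(c),
        }
    }
    out
}

/// Hypothetical strict attribute encoder (assumption): every ASCII character
/// that is not alphanumeric becomes `&#xHH;`, so a space or `=` in the input
/// cannot end an unquoted value or start a new attribute.
fn attr_encode(s: &str) -> String {
    let mut out = String::new();
    for c in s.chars() {
        if c.is_ascii() && !c.is_ascii_alphanumeric() {
            out.push_str(&format!("&#x{:02X};", c as u32));
        } else {
            out.push(c);
        }
    }
    out
}

/// Attribute names in a simple start tag with unquoted values, where
/// whitespace separates attributes (simplified tokenizer for this demo).
fn attr_names(tag: &str) -> Vec<String> {
    let inner = tag.trim_start_matches('<').trim_end_matches('>');
    inner.split_whitespace().skip(1) // skip the tag name
        .map(|a| a.split('=').next().unwrap_or("").to_string())
        .collect()
}

fn main() {
    let name = "dummy onmouseover=alert(/XSS/)"; // constructed input from the note above
    let weak = format!("<option value={}>", minimal_encode(name));
    let strict = format!("<option value={}>", attr_encode(name));
    println!("{:?}\n{:?}", attr_names(&weak), attr_names(&strict));
}
```

Quoting the attribute (`value="..."`) also keeps the input inside the value when only the minimal set is applied, because `"` is one of the five encoded characters.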