Skip to content

Output Encoding

Catalog Module

Published on

This module explores output encoding, which is translating special characters into some equivalent form that is no longer dangerous in the target interpreter. We examine encoding, escaping, and contextual output encoding, various language approaches to encoding, and review examples. Output encoding protects what comes out of the application, and sometimes input. Improper encoding or escaping allow an attacker to change the commands that are sent to another component, inserting malicious commands instead. Encoding is a safety issue. The safety of the users of your application is at stake.