paperlined.org
rosetta_stone > languages

document updated 2 months ago, on Aug 12, 2025

When producing HTML output from user-generated input, it's extremely important to properly escape strings to prevent XSS attacks.

	HTML escape	URL escape	URL parameter escape
~~Perl core~~	~~CGI::escapeHTML()~~	~~CGI::Util::escape()~~	~~CGI::Util::simple_escape()~~
Perl + CGI::Tiny	CGI::Tiny::escape_html()
Perl + LWP		URI::Escape
Perl + Plack	Plack::Util::encode_html()	URI::Escape
Perl + Dancer	Dancer::Error::_html_encode()
Perl + URL::Encode			(TODO)
Perl			URI::Encode
PHP	htmlentities()	urlencode()	?
Javascript	3rd-party function needed	encodeURI()	encodeURIComponent()

other escaping

Perl
- newline→"\n\r": Data::Dumper::qquote() [click on 'source']