HtmlEncode function before I insert any text from the database to a web page. But there is one problem this function call won't solve. And I didn't notice this problem until I used the "HTML Validator" tool to inspect all the web pages I created.
In this case, I grabbed a piece of text from the database and inserted it into the web page as a tooltip. I called the HtmlEncode function before inserting the text into the "title" attribute. Guess what, I forgot one thing: replace the single quote "'"! So, HTML like this can be generated.
<span title="'blogger's">space<font>
Of course it is wrong. You will only see this tooltip: "blogger". But no web browsers have complained about this. And no users complained about this (well, they just don't know what they should see). I bet it wouldn't be noticed by anybody if not for this wonderful extension.
Link to this extension:
https://addons.mozilla.org/extensions/moreinfo.php?id=249&application=firefox
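
The truncated tooltip described above can be reproduced offline. This is an added example, not code from the original post: `encode_like_post` is a hypothetical stand-in that models an encoder leaving the single quote alone, and the sample string and the single-quoted `title` delimiter are assumptions.

```python
from html import escape
from html.parser import HTMLParser


def encode_like_post(text):
    # Hypothetical stand-in for the encoder in the post (assumption):
    # escapes & < > and ", but leaves the single quote untouched.
    return escape(text, quote=False).replace('"', "&quot;")


def encode_for_attribute(text):
    # html.escape with quote=True also rewrites ' as &#x27;, so the value
    # cannot close a single-quoted attribute early.
    return escape(text, quote=True)


class AttrCollector(HTMLParser):
    """Records the attributes of the first start tag it sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = attrs


def parsed_attributes(encoder, text):
    # Build the tooltip markup with a single-quoted attribute, then parse it
    # back to see which attributes a tolerant HTML parser ends up with.
    markup = "<span title='" + encoder(text) + "'>hover me</span>"
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def parsed_title(encoder, text):
    return dict(parsed_attributes(encoder, text))["title"]


if __name__ == "__main__":
    sample = "blogger's space"  # constructed sample value
    print("quote left alone:", parsed_attributes(encode_like_post, sample))
    print("quote encoded:   ", parsed_attributes(encode_for_attribute, sample))
```

With the quote left alone, the parser closes `title` at the apostrophe and treats the remainder as stray attributes, which is why nothing visibly breaks and only a validator flags the markup.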