开发者

Accepting raw HTML in a POST request

I am building an API and I have a method that will accept a PO开发者_如何学运维ST request with a couple of parameters.

One of the parameters will be HTML code. A user can pass in a whole HTML page, how should I accept this?

Is it ok to ask the user to base64_encode it? Or is it there a better way?

I am worried about parsing invalid characters and different character encodings etc.


You really want the user to encode their HTML with base64 ? :)
That would be not viable

Just put a and accept the HTML. Be careful with XSS and other malicious staff


Yeah! I think using base_64 encoding would be wiser as input. Since while using the API for consumers later on passing in directly the HTML would be prone to injections as well as would get crappy to handle as strings, quotes, special characters etc..

If not then;

A rule could be like you can make another method within your API which wraps the html string like encode("<html>...</html>"); this way you would expect the encoded string always and decode it to use further.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜