Bug Bounty Hub
  • πŸš€WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • πŸ•ΈοΈPENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • πŸ“šRESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • πŸ”οΈBug Bounty Platforms
Powered by GitBook
On this page

Was this helpful?

  1. THE BASICS OF WEB
  2. Encoding

HTML encoding

HTML encoding is the process of converting special characters into a format that web browsers can safely display as text, rather than interpreting them as part of the HTML structure. It's an essential technique in web security to prevent user input from being executed as code, which is particularly important for avoiding vulnerabilities like Cross-Site Scripting (XSS).

As per HTML specification, all characters references must start with an ampersand (&) sign, this can be followed by multiple variations such as decimal and hexadecimal encoding.

Here are various ways to represent these characters:

Character
Named Entity
Decimal Encoding
Hexadecimal Encoding

<

&lt;

&#60;

&#X3C;

>

&gt;

&#62;

&#X3e;

'

&apos;

&#39;

&#X27;

"

&quot;

&#34;

&#X22;

References:

  • W3C - HTML Encoding: https://www.w3schools.com/Html/html_charset.asp

PreviousURL encodingNextBase 64 encoding

Last updated 6 months ago

Was this helpful?

🐣