This repository has been archived by the owner on Jul 31, 2019. It is now read-only.
encodeURIComponent
on the "Getting started" page
#141
Labels
Quoted from http://hapijs.com/tutorials:
While I agree that rendering user provided data is often a risk, I have big doubts whether the presented method it is really a good idea. It means garbling possibly valid user input such as
John "Johnny" Doe
orВладимирь
. Shouldn'tContent-Type: application/json
be enough to guard against HTML/JS injection?The text was updated successfully, but these errors were encountered: