Encoding
ELI5 — The Vibe Check
Encoding is converting data into a different format for safe transport or storage — not for security, but to prevent misinterpretation. URL encoding turns spaces into %20 so URLs stay valid. Base64 encoding turns binary data into text. It's not encryption — encoded data can be decoded by anyone.
Real Talk
Encoding transforms data into a different representation for compatibility or safe transmission. In security, output encoding is critical for injection prevention — encoding data for the specific context (HTML, URL, JSON) it will be inserted into. Different from encryption: encoding has no key and is reversible by anyone.
Show Me The Code
// URL encoding
const encoded = encodeURIComponent('hello world & more');
// 'hello%20world%20%26%20more'
// Base64 encoding (NOT encryption)
const b64 = Buffer.from('secret data').toString('base64');
// 'c2VjcmV0IGRhdGE='
const decoded = Buffer.from(b64, 'base64').toString();
// 'secret data'
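Output encoding for the three contexts named in Real Talk (HTML, URL, JSON), as an added example that is not part of the original page. The helper names and the sample input are made up for illustration.

```javascript
// Added example: one untrusted value, encoded differently per output context.
// All function names here are hypothetical helpers, not a library API.

// HTML text/attribute context: neutralize characters that open tags,
// close a quoted attribute, or start an entity.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// URL component context: percent-encode so the value cannot add parameters.
function encodeForUrlParam(value) {
  return encodeURIComponent(String(value));
}

// JSON inside an inline <script> block: JSON.stringify handles quotes and
// backslashes, but "<" must also be escaped so "</script>" cannot end the block.
function encodeForScriptJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// Round-trip check: a correctly encoded value parses back as one parameter.
function parseQueryKeys(query) {
  return [...new URLSearchParams(query).keys()];
}

// Constructed sample input with characters that are special in all three contexts.
const untrusted = `"><b>Tom & Jerry</b>&admin=1</script>`;

function renderPage(name) {
  return [
    `<p>Hello, ${encodeForHtml(name)}</p>`,
    `<a href="/search?q=${encodeForUrlParam(name)}">search</a>`,
    `<script>const user = ${encodeForScriptJson(name)};</script>`,
  ].join('\n');
}

console.log(renderPage(untrusted));
console.log(parseQueryKeys('q=' + untrusted));                    // raw: extra keys appear
console.log(parseQueryKeys('q=' + encodeForUrlParam(untrusted))); // encoded: only "q"
```

Each encoder is safe only in its own context: an HTML-encoded value placed in a query string still has its `&amp;` decoded back to `&` by the browser, so the URL encoder is the one that belongs there.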
When You'll Hear This
"URL-encode the query parameters before appending them." / "Base64 is encoding, not encryption — don't use it to hide data."
Related Terms
Encryption
Encryption is scrambling your message into gibberish so only someone with the secret decoder ring can read it.
Escape
Escaping means converting special characters into their safe equivalents before putting them in HTML, SQL, or a shell command.
Sanitization
Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands.
XSS (Cross-Site Scripting)
XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.