[{"data":1,"prerenderedAt":349},["ShallowReactive",2],{"term-e\u002Fescape":3,"related-e\u002Fescape":332},{"id":4,"title":5,"acronym":6,"body":7,"category":313,"description":314,"difficulty":315,"extension":316,"letter":317,"meta":318,"navigation":276,"path":319,"related":320,"seo":326,"sitemap":327,"stem":330,"subcategory":6,"__hash__":331},"terms\u002Fterms\u002Fe\u002Fescape.md","Escape",null,{"type":8,"value":9,"toc":307},"minimark",[10,15,28,32,55,59,296,300,303],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18,19,23,24,27],"p",{},"Escaping means converting special characters into their safe equivalents before putting them in HTML, SQL, or a shell command. Like turning ",[20,21,22],"code",{},"\u003C"," into ",[20,25,26],{},"&lt;"," so the browser shows it as text instead of running it as code. Escaping is context-specific: HTML escaping, SQL escaping, and shell escaping are all different.",[11,29,31],{"id":30},"real-talk","Real Talk",[16,33,34,35,37,38,37,41,37,44,37,47,50,51,54],{},"Escaping is the process of converting special characters into their escaped equivalents for the current context, preventing injection attacks. HTML escaping converts ",[20,36,22],{},", ",[20,39,40],{},">",[20,42,43],{},"&",[20,45,46],{},"'",[20,48,49],{},"\""," to HTML entities. For SQL, the safe approach is parameterized queries, which keep user data separate from the query text instead of escaping it by hand. 
Shell escaping uses libraries like ",[20,52,53],{},"shellescape",".",[11,56,58],{"id":57},"show-me-the-code","Show Me The Code",[60,61,66],"pre",{"className":62,"code":63,"language":64,"meta":65,"style":65},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F HTML escaping prevents XSS\nfunction escapeHtml(str) {\n  return str\n    .replace(\u002F&\u002Fg, '&amp;')\n    .replace(\u002F\u003C\u002Fg, '&lt;')\n    .replace(\u002F>\u002Fg, '&gt;')\n    .replace(\u002F\"\u002Fg, '&quot;')\n    .replace(\u002F'\u002Fg, '&#039;');\n}\n\n\u002F\u002F Most templating engines (Handlebars, Jinja2) escape by default\n\u002F\u002F {{ userInput }}  ← escaped\n\u002F\u002F {{{ userInput }}} ← raw, dangerous!\n","javascript","",[20,67,68,77,102,113,151,178,206,234,265,271,278,284,290],{"__ignoreMap":65},[69,70,73],"span",{"class":71,"line":72},"line",1,[69,74,76],{"class":75},"sHwdD","\u002F\u002F HTML escaping prevents XSS\n",[69,78,80,84,88,92,96,99],{"class":71,"line":79},2,[69,81,83],{"class":82},"spNyl","function",[69,85,87],{"class":86},"s2Zo4"," escapeHtml",[69,89,91],{"class":90},"sMK4o","(",[69,93,95],{"class":94},"sHdIc","str",[69,97,98],{"class":90},")",[69,100,101],{"class":90}," {\n",[69,103,105,109],{"class":71,"line":104},3,[69,106,108],{"class":107},"s7zQu","  return",[69,110,112],{"class":111},"sTEyZ"," str\n",[69,114,116,119,122,125,128,131,133,137,140,143,146,148],{"class":71,"line":115},4,[69,117,118],{"class":90},"    .",[69,120,121],{"class":86},"replace",[69,123,91],{"class":124},"swJcz",[69,126,127],{"class":90},"\u002F",[69,129,43],{"class":130},"sfazB",[69,132,127],{"class":90},[69,134,136],{"class":135},"sbssI","g",[69,138,139],{"class":90},",",[69,141,142],{"class":90}," 
'",[69,144,145],{"class":130},"&amp;",[69,147,46],{"class":90},[69,149,150],{"class":124},")\n",[69,152,154,156,158,160,162,164,166,168,170,172,174,176],{"class":71,"line":153},5,[69,155,118],{"class":90},[69,157,121],{"class":86},[69,159,91],{"class":124},[69,161,127],{"class":90},[69,163,22],{"class":130},[69,165,127],{"class":90},[69,167,136],{"class":135},[69,169,139],{"class":90},[69,171,142],{"class":90},[69,173,26],{"class":130},[69,175,46],{"class":90},[69,177,150],{"class":124},[69,179,181,183,185,187,189,191,193,195,197,199,202,204],{"class":71,"line":180},6,[69,182,118],{"class":90},[69,184,121],{"class":86},[69,186,91],{"class":124},[69,188,127],{"class":90},[69,190,40],{"class":130},[69,192,127],{"class":90},[69,194,136],{"class":135},[69,196,139],{"class":90},[69,198,142],{"class":90},[69,200,201],{"class":130},"&gt;",[69,203,46],{"class":90},[69,205,150],{"class":124},[69,207,209,211,213,215,217,219,221,223,225,227,230,232],{"class":71,"line":208},7,[69,210,118],{"class":90},[69,212,121],{"class":86},[69,214,91],{"class":124},[69,216,127],{"class":90},[69,218,49],{"class":130},[69,220,127],{"class":90},[69,222,136],{"class":135},[69,224,139],{"class":90},[69,226,142],{"class":90},[69,228,229],{"class":130},"&quot;",[69,231,46],{"class":90},[69,233,150],{"class":124},[69,235,237,239,241,243,245,247,249,251,253,255,258,260,262],{"class":71,"line":236},8,[69,238,118],{"class":90},[69,240,121],{"class":86},[69,242,91],{"class":124},[69,244,127],{"class":90},[69,246,46],{"class":130},[69,248,127],{"class":90},[69,250,136],{"class":135},[69,252,139],{"class":90},[69,254,142],{"class":90},[69,256,257],{"class":130},"&#039;",[69,259,46],{"class":90},[69,261,98],{"class":124},[69,263,264],{"class":90},";\n",[69,266,268],{"class":71,"line":267},9,[69,269,270],{"class":90},"}\n",[69,272,274],{"class":71,"line":273},10,[69,275,277],{"emptyLinePlaceholder":276},true,"\n",[69,279,281],{"class":71,"line":280},11,[69,282,283],{"class":75},"\u002F\u002F Most 
templating engines (Handlebars, Jinja2) escape by default\n",[69,285,287],{"class":71,"line":286},12,[69,288,289],{"class":75},"\u002F\u002F {{ userInput }}  ← escaped\n",[69,291,293],{"class":71,"line":292},13,[69,294,295],{"class":75},"\u002F\u002F {{{ userInput }}} ← raw, dangerous!\n",[11,297,299],{"id":298},"when-youll-hear-this","When You'll Hear This",[16,301,302],{},"\"Escape all user-supplied data before inserting it into HTML.\" \u002F \"Handlebars escapes by default — use triple braces only when you trust the content.\"",[304,305,306],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sHdIc, html code.shiki .sHdIc{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#EEFFFF;--shiki-default-font-style:italic;--shiki-dark:#BABED8;--shiki-dark-font-style:italic}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sbssI, html code.shiki 
.sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":65,"searchDepth":79,"depth":79,"links":308},[309,310,311,312],{"id":13,"depth":79,"text":14},{"id":30,"depth":79,"text":31},{"id":57,"depth":79,"text":58},{"id":298,"depth":79,"text":299},"security","Escaping means converting special characters into their safe equivalents before putting them in HTML, SQL, or a shell command.","beginner","md","e",{},"\u002Fterms\u002Fe\u002Fescape",[321,322,323,324,325],"Sanitization","Input Validation","Encoding","XSS","SQL 
Injection",{"title":5,"description":314},{"changefreq":328,"priority":329},"weekly",0.7,"terms\u002Fe\u002Fescape","uOsEJlaBSliUIJ2XqaWN2IfOPz7pvYm4Ng_KpxU90Eg",[333,336,339,342,346],{"title":323,"path":334,"acronym":6,"category":313,"difficulty":315,"description":335},"\u002Fterms\u002Fe\u002Fencoding","Encoding is converting data into a different format for safe transport or storage — not for security, but to prevent misinterpretation.",{"title":322,"path":337,"acronym":6,"category":313,"difficulty":315,"description":338},"\u002Fterms\u002Fi\u002Finput-validation","Input validation is checking that user input is what you expect before using it.",{"title":321,"path":340,"acronym":6,"category":313,"difficulty":315,"description":341},"\u002Fterms\u002Fs\u002Fsanitization","Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands.",{"title":325,"path":343,"acronym":6,"category":313,"difficulty":344,"description":345},"\u002Fterms\u002Fs\u002Fsql-injection","intermediate","SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.",{"title":324,"path":347,"acronym":324,"category":313,"difficulty":344,"description":348},"\u002Fterms\u002Fx\u002Fxss","XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.",1776518277776]