1 Reply Latest reply on Sep 5, 2012 6:38 PM by Sham HC

    xssAPI encodeForHTMLAttr what's the alternative?

    deepbluez Level 1

      Hi,

       

      Reading the xssAPI doc, on the method of encodeForHTMLAttr(), it says: 'DO NOT USE FOR ACTIONABLE ATTRIBUTES (href, src, event handlers); YOU MUST USE A VALIDATOR FOR THOSE!'

       

      Just wondering what to use to validate?  is getValidHref() the right one to use?

       

      Thanks!