I have been wrestling with the fraught area of escaping user (text) input for web pages. The ultimate goal is to have user input displayed and saved exactly as entered, without breaking anything.

To that end I've been using the following test string:

'"$%^&()+=-£[]/n/<>@~,.?#:!&amp;``&quot;&#39;

It appears to work (even Stack Overflow or Twitter isn't immune, hence the back ticks). My real question is: will this string catch most escaping problems, for instance going from the web page via Ajax to a database and back again?

Actually, how do you display this string on Stack Overflow without the back ticks?

Is there a better one, e.g. one which will reveal encoding problems too?

When I am testing, I use something like this:

a’b<’>",!"/%$?$&?%(()%/"!"/&?%$/"&$/"?%&?-f¯Ñ112üêù

This is generally sufficient to highlight encoding issues, at least from what I can tell.

Including a mathematical symbol, for example Unicode U+2202, may be helpful too.
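To see what the question's probe string and the one in this answer actually catch, here is an added harness (not code from either poster) that pushes constructed copies of both strings through the usual round trips (JSON for the Ajax leg, URL encoding, HTML escaping, UTF-8) and through three deliberately broken paths: a server that unescapes entities before storing, a transport that reads UTF-8 bytes back as Latin-1, and a page that escapes twice. The probe strings are reconstructed from the two posts (with U+2202 appended to the second, as suggested); the function names are mine.

```python
import html
import json
import urllib.parse

# Constructed probes, modelled on the two strings posted in this thread.
# PROBE_META mixes quotes, HTML/JSON/URL metacharacters and *literal* entities.
# PROBE_ENCODING adds a curly quote, Latin-1 letters and U+2202 (partial differential).
PROBE_META = "'\"$%^&()+=-£[]/n/<>@~,.?#:!&amp;``&quot;&#39;"
PROBE_ENCODING = "a’b<’>\",!\"/%$?$&?%(()%/\"!\"/&?%$/\"&$/\"?%&?-f¯Ñ112üêù\u2202"


# Correct round trips: each one should hand back the input unchanged.
def roundtrip_json(s):
    return json.loads(json.dumps(s))


def roundtrip_url(s):
    return urllib.parse.unquote(urllib.parse.quote(s, safe=""))


def roundtrip_html(s):
    # Escape on output, let the browser (here html.unescape) render it.
    return html.unescape(html.escape(s, quote=True))


def roundtrip_utf8(s):
    return s.encode("utf-8").decode("utf-8")


# Deliberately broken paths that real applications get wrong.
def buggy_store_unescaped(s):
    """Server 'cleans' input by unescaping entities before storing it.
    A user who literally typed '&amp;' gets '&' back."""
    return html.unescape(s)


def buggy_latin1_transport(s):
    """Bytes written as UTF-8 but read back as Latin-1 (classic mojibake)."""
    return s.encode("utf-8").decode("latin-1")


def buggy_double_escape(s):
    """Escaped once by the framework and again by the template; the browser
    only decodes one layer, so '&amp;lt;' shows up on screen."""
    return html.unescape(html.escape(html.escape(s, quote=True), quote=True))


def first_mismatch(a, b):
    """Index of the first differing character, or -1 if the strings match."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def check(probe):
    """Map each path to True if the probe survives it unchanged."""
    paths = {
        "json": roundtrip_json,
        "url": roundtrip_url,
        "html": roundtrip_html,
        "utf8": roundtrip_utf8,
        "store_unescaped": buggy_store_unescaped,
        "latin1_transport": buggy_latin1_transport,
        "double_escape": buggy_double_escape,
    }
    return {name: fn(probe) == probe for name, fn in paths.items()}


if __name__ == "__main__":
    for label, probe in (("meta", PROBE_META), ("encoding", PROBE_ENCODING)):
        results = check(probe)
        print(label, results)
        print("  unescape-before-store mismatch at index",
              first_mismatch(probe, buggy_store_unescaped(probe)))
```

Running it shows the two strings are complementary rather than interchangeable: both survive the correct round trips and both expose the Latin-1 and double-escaping bugs (each contains `&`, `"` and a non-ASCII character), but only the question's string, because it carries literal `&amp;`, `&quot;` and `&#39;`, catches a server that unescapes entities before storing. The string in this answer has no valid entity in it and passes that broken path unnoticed, which is an argument for including some literal entities alongside the high-codepoint characters.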

That looks like it should be all of them. The smartest thing to do is always to (depending on the language you are using) use a library that has been well tested and that can sanitize user input. Just ask around about what other websites use.

See here: http://gendoh.com/2511063

The post is written in Korean, but you can see what makes the difference between the several given patterns. (V1 to V3 are for generic web applications, while V4 and V5 are for JavaScript.)