
Output Encoding


Definition

Output encoding converts potentially dangerous characters into safe representations before rendering data in a specific context: HTML encoding for HTML output, JavaScript encoding for script contexts, URL encoding for query parameters. It is the primary defense against XSS attacks because it ensures that attacker-controlled data is always treated as content, never as executable code.

Context-aware encoding is essential: the encoding needed for HTML body differs from that needed for HTML attributes or JavaScript strings.
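
The difference between contexts, shown as an added example that is not part of the original page: one untrusted value is written into an HTML body, an unquoted attribute, a JavaScript string and a URL parameter, each with its own encoder. The helper names and the sample value are constructed for illustration.

```javascript
// Added example; helper names and the sample value are constructed for illustration.
const HTML_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML body text: neutralise the characters that start tags and entities.
function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_MAP[c]);
}

// HTML attribute value: encode every non-alphanumeric character, so spaces
// and quotes cannot end the value even if the attribute is left unquoted.
function encodeHtmlAttr(s) {
  return Array.from(String(s), (ch) =>
    /[A-Za-z0-9]/.test(ch) ? ch : `&#x${ch.codePointAt(0).toString(16)};`
  ).join('');
}

// JavaScript string literal: \uXXXX-escape every non-alphanumeric code unit,
// covering quotes, backslashes, line breaks and "</script>".
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// URL query parameter value: percent-encode reserved characters.
function encodeUrlParam(s) {
  return encodeURIComponent(String(s));
}

// One untrusted value rendered into four contexts of a page.
function render(untrusted) {
  // A URL inside an attribute is encoded twice: as a parameter, then for HTML.
  const href = encodeHtml('/search?q=' + encodeUrlParam(untrusted));
  return [
    `<p>${encodeHtml(untrusted)}</p>`,
    `<input value=${encodeHtmlAttr(untrusted)}>`,
    `<script>var q = '${encodeJsString(untrusted)}';</script>`,
    `<a href="${href}">search</a>`,
  ].join('\n');
}

console.log(render(`"'></script><b>hi&\\`));
```

HTML encoding leaves a backslash untouched, which is harmless in an HTML body but would escape the closing quote of a JavaScript string; that is why the script context gets its own encoder.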

