Should I encode the HTML of my web API

Question

Should I encode the HTML of my web API

I am developing a web API that returns JSON as a content type, the response body may contain characters like ' , " , < and > , they are valid characters in JSON. So my question is whether I should encode HTML for my body Web API response or leave this task to an HTML client that uses my web API?

+8

json html-encode asp.net-web-api

Shuping Aug 20 '13 at 2:50

source share

2 answers

What platform are you using? For example, Node.js, you can use restify for very good handling. You do not need to explicitly encode data. Therefore, please find an indispensable structure or component to help you.

0

Jake lin Aug 20 '13 at 2:53

source share

SLaks · Accepted Answer · 2013-08-20T02:54:24+0000

Not; you should not.

You should avoid data if and when you combine them into a structured format.

If you return JSON, for example { "text": "Content by X & Y" } , anyone who reads this JSON will see the literal text & .
It will only work correctly for extremely broken clients who combine it directly into their HTML without exiting.

In short:

Never delete text unless you are going to display it.

Should I encode the HTML of my web API

Never delete text unless you are going to display it.

More articles: