Update cross-site-scripting.md (#2873)

pull/2876/head
geeeyetee 2017-03-02 22:38:31 -05:00 committed by Rick Anderson
parent a589568f7f
commit 561c535315
1 changed files with 1 additions and 1 deletions

@ -219,7 +219,7 @@ Safe list ranges are specified as Unicode code charts, not languages. The [Unico
> [!NOTE]
> Customization of the safe list only affects encoders sourced via DI. If you directly access an encoder via `System.Text.Encodings.Web.*Encoder.Default` then the default, Basic Latin only safelist will be used.
## Where encoding should take place?
## Where should encoding take place?
The general accepted practice is that encoding takes place at the point of output and encoded values should never be stored in a database. Encoding at the point of output allows you to change the use of data, for example, from HTML to a query string value. It also enables you to easily search your data without having to encode values before searching and allows you to take advantage of any changes or bug fixes made to encoders.
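Review bot: Rewording the heading to "## Where should encoding take place?" will also change the anchor slug that the docs renderer derives from it, so any link that targets the old "Where encoding should take place?" section anchor would stop resolving. Please search the repo for inbound links to that anchor and update them in this commit. While this paragraph is being touched, the context line directly below the heading reads "The general accepted practice"; "The generally accepted practice" would fix the same kind of grammar slip. The note above the heading says "safelist" where the preceding text uses "safe list", which could be made consistent too.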