D2 · Threats

What is output encoding?

Output encoding converts special characters into safe representations before user-controlled data is inserted into an HTML page, so the browser renders it as text instead of interpreting it as markup or executable script (XSS prevention).
HTML encoding replaces `<` with `&lt;` and `>` with `&gt;`, which stops injected tags from being parsed as HTML. Context matters: HTML encoding, JavaScript encoding and URL encoding are different, and the encoding must match the context where the data lands (HTML body, attribute, script block, URL). Use context-aware encoding libraries (OWASP Java HTML Sanitizer, ESAPI). Never write your own encoder.