Skip to content

Commit

Permalink
Merge pull request #305 from vivian1912/master
Browse files Browse the repository at this point in the history
Update http.md
  • Loading branch information
ethan1844 authored Jul 24, 2024
2 parents d246f51 + 9636d26 commit d6920f6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/api/http.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ This article introduces FullNode's HTTP APIs and their usage.


!!! note
Although TRON has avoided XSS by setting the Content-Type of HTTP APIs to application/json, there are a few APIs that don't have input validation. To better protect user data security, we recommend that you correctly encode any data from APIs before they use it in any UI.
Although TRON has avoided XSS by setting the Content-Type of HTTP APIs to application/json, there are a few APIs that don't have input validation. To better protect user data security, we recommend that you correctly encode any data from APIs before they use it in any UI, especially when the parameter `visible` equals true.

Here is a typical XSS protection method: Encode all data from the APIs in HTML. Use methods such as `encodeURIComponent()` or `escape()` to encode the data, which can convert special characters into their HTML entities and prevent them from being interpreted as HTML code by the browser.

Expand Down

0 comments on commit d6920f6

Please sign in to comment.