Output Encoding
When outputting an Entity to the screen you have different encoding methods to choose from. How do I know which one I should use?
- &mvt - Prints the value directly to the screen with no encoding.
- &mvte - Variables that begin with &mvte are “entity encoded.” All characters are encoded so they are not interpreted by the browser. This is used for all form input values and anywhere user input is written back to the page. Entity encoding variables prevents against cross side scripting and other harmful attacks.
- &mvta - Variables that begin with &mvta are “attribute encoded.” This means that any characters they contain will be converted to the correct format for use in a link. This is used for all links and will convert spaces and other characters to link friendly characters.
- &mvtj– Outputs the value javascript encoded. This is for use with JSON or JavaScript
- &mvts– Outputs the value as a “slugified” value. All spaces get replaced with dashes and special characters get removed. Multiple dashes in a row get replaced with a single dash.
Still confused on which encoding Output to use? See this thread in the forums for an example.
Example Code