[{"data":1,"prerenderedAt":116},["ShallowReactive",2],{"blog-prompts/escape-html-output":3},{"id":4,"title":5,"body":6,"category":95,"date":96,"dateModified":97,"description":98,"draft":99,"extension":100,"faq":101,"featured":99,"headerVariant":102,"image":101,"keywords":101,"meta":103,"navigation":104,"ogDescription":105,"ogTitle":101,"path":106,"readTime":101,"schemaOrg":107,"schemaType":108,"seo":109,"sitemap":110,"stem":111,"tags":112,"twitterCard":114,"__hash__":115},"blog/blog/prompts/escape-html-output.md","Escape HTML Output with AI Prompts",{"type":7,"value":8,"toc":90},"minimark",[9,16,21,24,71],[10,11,12],"tldr",{},[13,14,15],"p",{},"Output encoding is the primary defense against XSS. Different contexts (HTML, JavaScript, URLs, CSS) need different encoding. Modern frameworks escape automatically, but you must avoid bypassing these protections. These prompts help you implement context-aware encoding.",[17,18,20],"h2",{"id":19},"context-aware-encoding","Context-Aware Encoding",[13,22,23],{},"Paste this prompt to have your AI review every template file for unencoded user data. You'll get a report of each rendering context (HTML body, attributes, JavaScript, URLs, CSS) with the correct encoding applied and any dangerous bypasses flagged.",[25,26,28,31,34,53,56,68],"prompt-box",{"title":27},"Encode for Each Context",[13,29,30],{},"Review my templates and ensure proper encoding for each context.",[13,32,33],{},"Different contexts need different encoding:",[35,36,37,41,44,47,50],"ol",{},[38,39,40],"li",{},"HTML Body: Encode \u003C > & \" '\n{htmlEncode(userInput)}",[38,42,43],{},"HTML Attributes: Encode all non-alphanumeric",[38,45,46],{},"JavaScript: JSON.stringify or JS-encode\nvar data = {JSON.stringify(userInput)};",[38,48,49],{},"URLs: Use encodeURIComponent",[38,51,52],{},"CSS: Encode or avoid user input entirely\n(Extremely dangerous - avoid if possible)",[13,54,55],{},"Review each template file for:",[57,58,59,62,65],"ul",{},[38,60,61],{},"Places where user data is rendered",[38,63,64],{},"Whether correct encoding is applied",[38,66,67],{},"Any bypasses like dangerouslySetInnerHTML",[13,69,70],{},"Flag any unencoded output of user data.",[72,73,74,80,85],"related-articles",{},[75,76],"related-card",{"description":77,"href":78,"title":79},"AI prompts to add authentication to your API. Implement JWT, API keys, session-based auth, and OAuth for secure API acce","/blog/prompts/add-api-authentication","Add API Authentication with AI Prompts",[75,81],{"description":82,"href":83,"title":84},"AI prompts to add authentication middleware. Protect your API routes, server actions, and pages with reusable auth check","/blog/prompts/add-auth-middleware","Add Auth Middleware with AI Prompts",[75,86],{"description":87,"href":88,"title":89},"AI prompts to implement Content Security Policy headers. Prevent XSS, clickjacking, and other injection attacks with pro","/blog/prompts/add-csp-headers","Add Content Security Policy with AI Prompts",{"title":91,"searchDepth":92,"depth":92,"links":93},"",2,[94],{"id":19,"depth":92,"text":20},"prompts","2026-02-19","2026-03-06","AI prompts to properly escape HTML output. Implement context-aware encoding to prevent XSS when rendering user data in your templates.",false,"md",null,"cyan",{"noindex":104},true,"AI prompts to implement proper output encoding for XSS prevention.","/blog/prompts/escape-html-output","[object Object]","BlogPosting",{"title":5,"description":98},{"loc":106},"blog/prompts/escape-html-output",[113],"Frontend","summary_large_image","iRW77tPAUqwlA0s4HcL8oe0D4MFlvn3prLE45zNwmC4",1775843938505]