Encode hidden form field value

Question

What method should I use to encode hidden a form field value? Assume that I am storing text like this:

This is a "really" long string with 'quotes' and special characters (~!@#$%^&*()_+{}), which might have a random quote (") in the middle of it, making the HTML invalid.

We are using ASP.net to set the value:

<input type="hidden" value="<%= Model.UnencodedTextData %>" name="askingForTrouble" />

I believe if we HTML encoded it, it would solve the problem, but this form will be posted to another application, which we do not have control over. So will the receiving application (Marketo) automatically know how to decode this?

Thank you.

Yes, just HTML encode it. You have to. And no it won't send HTML entities, the HTML encoding only has meaning in HTML itself. If there are issues I would consult with the third party. — Wesley Murch, May 13 '14 at 20:08

Murtza Manzur · Answer 1 · 2014-05-15T09:04:08.217

1

Marketo developer evangelist here. Before posting to Marketo, it is best to use HTML URL encoding for special characters. For example, the JavaScript code sample below would URL encode "&" and "%" characters.

function htmlEscape(str) {
    return String(str)
        .replace(/&/g, '%26')
        .replace(/%/g, '%20');
}

edited May 15 '14 at 09:04

answered May 15 '14 at 08:53

Murtza Manzur

1,224
1
8
12

Encode hidden form field value

1 Answers1

Linked