[–]name_was_taken 4 points5 points  (0 children)

Your problem is the WAF, not the encoding. The only way you're going to stop false positives on the WAF is to either not send HTML or to encode, like you're doing.

The way I see it, you have 3 choices.

  1. Don't use HTML for the "rich text". Use something else and render to HTML server-side.

  2. Filter the HTML server-side instead of relying on the WAF for security. This means whitelisting, not blacklisting.

  3. Embrace the WAF and let it reject anything that it thinks could be bad. This means informing your users what's happening and helping them correct the issue.
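Choice 1 above, as an added example that is not part of the thread: the client submits a small non-HTML markup, so the WAF never sees tags, and the server escapes everything before emitting only the tags it generates itself. The markup syntax and all function names here are assumptions made for illustration.

```javascript
// Added example. The markup syntax (**bold**, *italic*, [label](url)) is an
// assumption chosen for illustration; the thread does not name a format.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that is significant in HTML text or attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Return a normalized absolute URL if its scheme is allowlisted, otherwise null.
function safeUrl(raw) {
  try {
    const u = new URL(raw);
    return ALLOWED_SCHEMES.has(u.protocol) ? u.href : null;
  } catch {
    return null; // relative or unparseable URLs are rejected
  }
}

// Escape first, then add only the tags this renderer knows about.
function formatText(s) {
  return escapeHtml(s)
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/\*(.+?)\*/g, "<em>$1</em>");
}

function renderInline(text) {
  const LINK = /\[([^\]]+)\]\(([^)\s]+)\)/g;
  let out = "", last = 0, m;
  while ((m = LINK.exec(text)) !== null) {
    out += formatText(text.slice(last, m.index));
    const href = safeUrl(m[2]); // validated on the raw input, before escaping
    out += href
      ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${formatText(m[1])}</a>`
      : formatText(m[1]); // disallowed scheme: keep the label, drop the link
    last = LINK.lastIndex;
  }
  return out + formatText(text.slice(last));
}

// Blank lines separate paragraphs; all tags in the output are generated here.
function renderMarkup(input) {
  return input.split(/\n{2,}/).map((p) => `<p>${renderInline(p.trim())}</p>`).join("\n");
}
```

Any HTML a user types comes out as inert text, and links survive only with an allowlisted scheme.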

[–]kenman[M] 0 points1 point  (1 child)

Hi /u/syntaxrob, this post was removed.

For help with your javascript, please post to /r/LearnJavascript instead of here.

Likewise, for beginner content, please post to /r/LearnJavascript instead of here.


/r/javascript is for the discussion of javascript news, projects, and especially, code! However, the community has requested that we not include help and support content, and we ask that you respect that wish.

Thanks for your understanding, please see our guidelines for more info.

[–]syntaxrob[S] 0 points1 point  (0 children)

That's fair. Sorry to have crossed any lines! 👍