From 9636d26a304d608ad04ee303c3a482969979af1a Mon Sep 17 00:00:00 2001 From: yingying Date: Wed, 24 Jul 2024 12:18:46 +0800 Subject: [PATCH] Update http.md --- docs/api/http.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api/http.md b/docs/api/http.md index ec961ac2..38014221 100644 --- a/docs/api/http.md +++ b/docs/api/http.md @@ -3,7 +3,7 @@ This article introduces FullNode's HTTP APIs and their usage. !!! note - Although TRON has avoided XSS by setting the Content-Type of HTTP APIs to application/json, there are a few APIs that don't have input validation. To better protect user data security, we recommend that you correctly encode any data from APIs before they use it in any UI. + Although TRON has avoided XSS by setting the Content-Type of HTTP APIs to application/json, there are a few APIs that don't have input validation. To better protect user data security, we recommend that you correctly encode any data from APIs before they use it in any UI, especially when the parameter `visible` equals true. Here is a typical XSS protection method: Encode all data from the APIs in HTML. Use methods such as `encodeURIComponent()` or `escape()` to encode the data, which can convert special characters into their HTML entities and prevent them from being interpreted as HTML code by the browser.
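Review bot: The clause added at the end of the `+` line, "especially when the parameter `visible` equals true", names the parameter without saying why it raises the risk, so a reader cannot tell what to look for in the response. Add a short clause stating what changes in the API output when `visible` is true, or link to where `visible` is documented. Since this line is being rewritten anyway, the pronoun mismatch it carries over could be fixed too: "we recommend that you correctly encode any data from APIs before they use it" should read "before you use it". The unchanged context line after it also deserves a follow-up in this patch: `encodeURIComponent()` and `escape()` perform percent-encoding for URLs, not conversion to HTML entities, and `escape()` is deprecated, so the text that this change now points readers toward describes the wrong kind of encoding for data placed into HTML. Recommend rewording it to call for context-appropriate output encoding (HTML entity encoding for HTML content, or assigning through `textContent` rather than `innerHTML`).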