HTML EncodingSummary: While penetration testing a web application, your main interest in HTML
encoding is likely to be when probing for cross-site scripting vulnerabilities.
If one application returns user input unmodified within its responses, then it is
probably vulnerable, whereas if dangerous characters are HTML-encoded
then it is probably safe
HTML encoding is a scheme used to represent problematic characters so that
they can be safely incorporated into an HTML document. Various characters
have special meaning as meta-characters within HTML and are used to define
the structure of a document rather than its content. To use these characters
safely as part of the document’s content, it is necessary to HTML-encode them.
HTML encoding defines numerous HTML entities to represent specific lit-
eral characters, for example: