Certified Information Systems Security Professional (CISSP) — Question 174

When securing Hypertext Markup Language (HTML) text data, which is the purpose of the escape function?

Answer options

• A. Ending the current process to protect the code
• B. Providing an exit path for user input
• C. Replacing potentially harmful characters
• D. Preventing unauthorized users from writing data

Correct answer: C

Explanation

The escape function is primarily used to replace potentially harmful characters in HTML with their corresponding safe representations, preventing injection attacks. Options A, B, and D do not accurately reflect the role of the escape function in ensuring data security.