Given a form input field, for example <input type="text" value="xxxxx" name="something">
Given a string, let's say Hello I said "Your my friend" isn't that nice?
How do I safely enter the given string as the value where 'xxxxx' is in the input tag above?
Doing a straight substitution would cause this:
<input type="text" value="Hello I said "Your my friend" isn't that nice?">
As you can see, the end result is not coherent. The value is now Hello I said, then
there is a bunch of improper text, then another string, not good.
How do you safely enter strings of unknown or potentially unsafe characters into these kinds of HTML attributes?
Use HTML entities
<input type="text" value="Hello I said &quot;Your my friend&quot; isn't that nice?">
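As an added example (not code from the question or the answer), here is a small Python attribute escaper, the poster's input tag built both by straight substitution and by escaping, and a parser check of what value a browser-like parser actually sees in each case; the function names are my own, and the escaper produces the same output as the standard library's html.escape(value, quote=True).

```python
import html
from html.parser import HTMLParser

# Constructed sample: the poster's string, which contains double quotes.
USER_STRING = 'Hello I said "Your my friend" isn\'t that nice?'


def escape_attr(value):
    """Escape a string for use inside a double-quoted HTML attribute.

    & is replaced first so the entities produced below are not re-escaped;
    " would terminate the attribute, and ', < and > are escaped as well so
    the same routine is safe in single-quoted attributes and text content.
    """
    return (value.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&#x27;"))


def naive_input(value):
    """The straight substitution from the question: broken and unsafe."""
    return f'<input type="text" value="{value}" name="something">'


def safe_input(value):
    """The same tag with the value escaped as the answer recommends."""
    return f'<input type="text" value="{escape_attr(value)}" name="something">'


class _InputAttrs(HTMLParser):
    """Record the attributes of the first <input> tag, as a browser would."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parsed_value(markup):
    """Return the value attribute a parser sees in the given markup, or None."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs.get("value") if parser.attrs else None


if __name__ == "__main__":
    print(naive_input(USER_STRING), "->", repr(parsed_value(naive_input(USER_STRING))))
    print(safe_input(USER_STRING), "->", repr(parsed_value(safe_input(USER_STRING))))
```

With the naive tag the parser stops the value at the first inner quote and treats the rest of the string as stray attributes; with the escaped tag the full original string comes back out of the value attribute.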