Double encoding
Double encoding refers to the practice of encoding data more than once using one or more encoding schemes. Common schemes include URL percent-encoding, HTML entity encoding, and Unicode escaping. Double encoding can happen intentionally or inadvertently as data passes through multiple layers of a system that each apply their own encoding.
In web applications, double encoding often arises when input is encoded for transport, stored, and later re-encoded
A typical illustration is a character such as < that is encoded as %3C in a URL, and
Mitigation focuses on consistency and defense in depth. Normalize or canonicalize input data at a single boundary,
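
An added example, not part of the original page: a Python boundary check that percent-decodes input exactly once and rejects values that would still decode further, such as %253C for the < character used above. The function names, the layer limit and the sample strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_LAYERS = 5  # assumption: cap on decoding passes so hostile input cannot loop long

_PCT = re.compile(r"%[0-9A-Fa-f]{2}")  # one well-formed percent escape


class DoubleEncodedInput(ValueError):
    """Raised when a value carries more than one percent-encoding layer."""


def encoding_depth(value: str, max_layers: int = MAX_LAYERS) -> int:
    """Count how many percent-decoding passes still change the value."""
    depth = 0
    current = value
    while depth < max_layers and _PCT.search(current):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
        depth += 1
    return depth


def canonicalize(value: str) -> str:
    """Decode once at the single trust boundary; refuse nested encodings.

    Strict policy: a legitimate value containing the literal text "%3C"
    arrives as "%253C" and is rejected too, so callers that need such
    text must carry it in a field that is never URL-decoded.
    """
    depth = encoding_depth(value)
    if depth > 1:
        raise DoubleEncodedInput(f"{depth} encoding layers in {value!r}")
    return unquote(value) if depth == 1 else value


if __name__ == "__main__":
    # Constructed sample inputs: plain, single-encoded, double-encoded.
    for sample in ("plain", "a%3Cb", "a%253Cb", "100%"):
        try:
            print(f"{sample!r:12} -> {canonicalize(sample)!r}")
        except DoubleEncodedInput as exc:
            print(f"{sample!r:12} -> rejected: {exc}")
```

Downstream validation and output encoding then operate only on the value returned by canonicalize, so no later layer decodes the data a second time.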