Background

contenido

TronGrid provides all full-node HTTP APIs, and it also provides its proprietary user-friendly extension API. The latest version of TronGrid's proprietary API is v1.

TronGrid API service has the features of low latency, high consistency, high availability and partition fault tolerance. TronGrid API service is available for mainnet, Shasta testnet and Nile testnet, so please choose the appropriate network according to your needs before using TronGrid API service.

Although TRON has avoided XSS by setting the Content-Type of HTTP APIs to application/json, there are a few APIs that don't have input validation. To better protect user data security, we recommend that you correctly encode any data from APIs before they use it in any UI, especially when parameter "visible = true" by default.

Here is a typical XSS protection method: Encode all data from the APIs in HTML. Use methods such as encodeURIComponent() or escape() to encode the data, which can convert special characters into their HTML entities and prevent them from being interpreted as HTML code by the browser.

Please be sure to implement XSS protection for all data from the APIs to ensure the security of user data. We understand that you may need more information about XSS protection. It is recommended that you refer to the following resources: OWASP XSS Prevention Cheat Sheet.

In order to ensure the reasonable allocation of requested resources, all request APIs need to carry the parameter API Key, and requests without an API Key will be severely limited or not even responded. For details, please refer to the API Key chapter.

Resumir
TronGrid offers a comprehensive suite of full-node HTTP APIs, including its proprietary user-friendly extension API, currently at version v1. The service is characterized by low latency, high consistency, and availability, supporting mainnet, Shasta testnet, and Nile testnet. Users must select the appropriate network based on their needs. While TRON has implemented measures to prevent XSS attacks by setting the Content-Type of APIs to application/json, some APIs lack input validation. To enhance user data security, it is crucial to encode API data before displaying it in any UI, particularly when the 'visible' parameter is set to true. Recommended methods for encoding include `encodeURIComponent()` or `escape()`, which convert special characters into HTML entities, preventing them from being executed as HTML. Additionally, all API requests must include an API Key to ensure proper resource allocation; requests without this key may be limited or ignored. For further guidance on XSS protection, users are encouraged to consult the OWASP XSS Prevention Cheat Sheet.