Which extension is best against injected code? .txt, .html, .log, .dat?
As the question stands its unclear what you’re asking. The extension of a file doesn’t really matter. What kind of injections are you thinking of?
As in malicious code.
As long as the code is parsed the file extensions doesn’t matter
What do you mean parsed?
If the server or the client execute the code the file extension doesn’t matter.
Do you have a use case for this problem?
Not a problem. Just needed an opinion. Doing a little editing for a php comment system and was just wondering if one is better, than the other. Tried .txt, .html, so far.