&D\anger'"+<b>@?!mb Against Code Injection

I have to harden my web app against code injection. The problem requires us to consider how an input string is used in several different contexts:

  • In HTML/XML as text.
  • In HTML/XML as an attribute value inside quotes.
  • In a URL as a query parameter.
  • In JavaScript, to dynamically create or edit DOM elements.

Each context has its own escaping rules. Since the data can move from one context to another, it has to be escaped correctly in every one of them.

To help test for proper escaping, I have come up with a string containing lots of special characters, shown below. Put it in your test database and paste it into your input fields, then observe whether it causes problems anywhere. In a properly escaped system, the string should be transferred and reconstructed verbatim.


A related issue is whether your code supports Unicode correctly. I find it helpful to insert the string below into the test data so that this is exercised right from the beginning.

  \u4e09\u570b\u5fd7 or
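Here is an added example, not from the original post, that puts the two ideas above into code: one encoder per output context (HTML text, quoted attribute, URL query parameter, JavaScript string literal), a constructed test string mixing metacharacters with CJK and non-BMP characters, and a round-trip check that the decoded value comes back verbatim. It also shows what goes wrong when a value that passes through two contexts (a URL parameter inside an HTML attribute) is encoded in the wrong order. The test string, the helper names and the `/search?q=` URL are all assumptions made for this example.

```python
import html
import json
import urllib.parse

# Constructed test string (not the author's): HTML/attribute/URL/JS metacharacters
# plus a CJK run and a non-BMP emoji so Unicode handling is exercised end to end.
TEST_STRING = "&<b>\"'`\\/?=#%+ \u4e09\u570b\u5fd7 \U0001f512"


def for_html_text(s: str) -> str:
    """Escape for use as text content between HTML tags."""
    return html.escape(s, quote=False)


def for_html_attr(s: str) -> str:
    """Escape for use inside a double-quoted HTML attribute value."""
    return html.escape(s, quote=True)


def for_url_param(s: str) -> str:
    """Percent-encode (UTF-8 bytes) for use as a URL query parameter value."""
    return urllib.parse.quote(s, safe="")


def for_js_literal(s: str) -> str:
    """Emit a JavaScript string literal. json.dumps escapes quotes, backslashes
    and (with the default ensure_ascii) all non-ASCII as \\uXXXX; we additionally
    turn '</' into '<\\/' so the literal can never close an enclosing <script>."""
    return json.dumps(s).replace("</", "<\\/")


# Decoders model what the browser does with each representation.
def decode_html(s: str) -> str:
    return html.unescape(s)


def decode_url(s: str) -> str:
    return urllib.parse.unquote(s)


def decode_js(s: str) -> str:
    # For the output of for_js_literal, the JS string-literal grammar
    # coincides with JSON, so json.loads is an accurate stand-in.
    return json.loads(s)


def round_trips(encode, decode, s: str = TEST_STRING) -> bool:
    """The check from the post: a properly escaped value is reconstructed verbatim."""
    return decode(encode(s)) == s


def link_attribute(s: str) -> str:
    """Correct nesting: encode for the inner (URL) context first, then for the
    outer (attribute) context it is embedded in."""
    return 'href="/search?q=' + for_html_attr(for_url_param(s)) + '"'


def link_attribute_wrong_order(s: str) -> str:
    """Same two contexts, encoders applied in the wrong order."""
    return 'href="/search?q=' + for_url_param(for_html_attr(s)) + '"'


def decode_link_attribute(attr: str) -> str:
    """What the browser sees: attribute decoding first, then URL decoding."""
    inner = attr[len('href="/search?q='):-1]
    return decode_url(decode_html(inner))


def naive_html_text(s: str) -> str:
    """No escaping at all; kept only to show why the check above is needed."""
    return "<p>" + s + "</p>"


if __name__ == "__main__":
    for name, enc, dec in [("html text", for_html_text, decode_html),
                           ("html attr", for_html_attr, decode_html),
                           ("url param", for_url_param, decode_url),
                           ("js literal", for_js_literal, decode_js)]:
        print(f"{name:10} round-trip={round_trips(enc, dec)}  {enc(TEST_STRING)}")
    print("nested ok   :", decode_link_attribute(link_attribute(TEST_STRING)) == TEST_STRING)
    print("nested wrong:", decode_link_attribute(link_attribute_wrong_order(TEST_STRING)) == TEST_STRING)
    print("naive leaks markup:", "<b>" in naive_html_text(TEST_STRING))
```

The round-trip property is the practical test the post describes: encode for the context, let the consumer decode it, and compare with the original. The nested case is where most real bugs hide, so each value should be encoded once per context it crosses, innermost first, and the check should be run on the fully assembled output rather than on each encoder in isolation.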

2012.05.01


