about me



Yucatán Photos

St Lucia Photos

Photo Album



< May 2012 >
   1 2 3 4 5
6 7 8 9101112

past articles »

Click for San Francisco, California Forecast

San Francisco, USA


&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app against code injection. I find that the problem requires us to see input string used in several different context.

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context, there are different rule in escaping them. Since the data can move from one context to another, they have to be properly escaped in all cases.

To help test for proper escaping, I have come up with a string that has lots of special characters below. Put it in your test database and paste it in your input fields. Observe if this causes problem anywhere. In properly escaped system, the string should be transfered and reconstructed verbatim.


A related issue is whether your code support unicode correctly. I find it helpful to insert a string below into the test data to test it out right from the beginning.

  \u4e09\u570b\u5fd7 or

2012.05.01 [] - comments



blog comments powered by Disqus

past articles »


BBC News


Calais 'Jungle' children with nowhere to sleep (26 Oct 2016)


Injuries at Venezuela protests against President Maduro (26 Oct 2016)


US liver donor marries woman whose life he saved (26 Oct 2016)


Italy earthquakes: Strong tremors shake central region (27 Oct 2016)


World wildlife 'falls by 58% in 40 years' (26 Oct 2016)


HIV Patient Zero cleared by science (26 Oct 2016)


Migrant deaths in Mediterranean hit record in 2016 - UN (26 Oct 2016)


Oklahoma manhunt for live-streaming homicides suspect (26 Oct 2016)


Al-Qaeda leader 'targeted by US drone strike in Afghanistan' (26 Oct 2016)


Russian warships: Spain says refuelling request withdrawn (26 Oct 2016)

more »


SF Gate


Bay Area News (7 Jan 2012)


City Insider (11 Feb 2012)


Crime Scene (13 Feb 2012)


C.W Newius Column (10 Jan 2012)


C.W. Nevius Blog (11 Feb 2012)


Education News (10 Jan 2012)


KALW (11 Feb 2012)


Matier and Ross Blog (11 Feb 2012)


Tesla reports second quarterly profit ever (26 Oct 2016)


Lexus, Toyota and Buick most reliable in auto survey (26 Oct 2016)


Google’s Alphabet fails at keeping executives in the house (26 Oct 2016)


Sunrun to offer solar panels plus batteries with LG Chem (26 Oct 2016)


Twitter layoffs part of massive cuts in tech (26 Oct 2016)


Health care costs rise slowly for those who get insurance at work (26 Oct 2016)

more »


Site feed Updated: 2016-Oct-26 18:00