about me



Yucatán Photos

St Lucia Photos

Photo Album



< May 2012 >
   1 2 3 4 5
6 7 8 9101112

past articles »

Click for San Francisco, California Forecast

San Francisco, USA


&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app against code injection. I find that the problem requires us to see input string used in several different context.

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context, there are different rule in escaping them. Since the data can move from one context to another, they have to be properly escaped in all cases.

To help test for proper escaping, I have come up with a string that has lots of special characters below. Put it in your test database and paste it in your input fields. Observe if this causes problem anywhere. In properly escaped system, the string should be transfered and reconstructed verbatim.


A related issue is whether your code support unicode correctly. I find it helpful to insert a string below into the test data to test it out right from the beginning.

  \u4e09\u570b\u5fd7 or

2012.05.01 [] - comments



blog comments powered by Disqus

past articles »


BBC News


Obama: Hiroshima memory must not fade (27 May 2016)


'Mass rape' video shocks Brazil (27 May 2016)


23 test positive from London Olympics (27 May 2016)


N Korea 'could be linked to bank heists' (27 May 2016)


Australia removed from UN climate report (27 May 2016)


Teen cancer death rate causes alarm (27 May 2016)


Turkish fury at US commando photos (27 May 2016)


Google defeats Oracle in Java code case (26 May 2016)


Hollande 'won't back down' over protests (27 May 2016)


France boss to sue Cantona over race row (27 May 2016)

more »


SF Gate


Bay Area News (7 Jan 2012)


City Insider (11 Feb 2012)


Crime Scene (13 Feb 2012)


C.W Newius Column (10 Jan 2012)


C.W. Nevius Blog (11 Feb 2012)


Education News (10 Jan 2012)


KALW (11 Feb 2012)


Matier and Ross Blog (11 Feb 2012)


Business News Roundup, May 27 (26 May 2016)


Volkswagen challenges Justice Department suit in emissions case (26 May 2016)


Google wins over Oracle in Java copyright case (26 May 2016)


Fitbit accuracy called into question in lawsuit (26 May 2016)


Gawker up for sale, big wind energy IPO, trans-Atlantic cable (26 May 2016)


Your current job may send wrong signal to future employers (26 May 2016)

more »


Site feed Updated: 2016-May-27 07:00