tungwaiyip.info

home

about me

links

my software

Media

Yucatán Photos

St Lucia Photos

Photo Album

Videos

Blog

< May 2012 >
SuMoTuWeThFrSa
   1 2 3 4 5
6 7 8 9101112
13141516171819
20212223242526
2728293031  

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app against code injection. I find that the problem requires us to see input string used in several different context.

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context, there are different rule in escaping them. Since the data can move from one context to another, they have to be properly escaped in all cases.

To help test for proper escaping, I have come up with a string that has lots of special characters below. Put it in your test database and paste it in your input fields. Observe if this causes problem anywhere. In properly escaped system, the string should be transfered and reconstructed verbatim.

  &D\anger'"+<b>@?!mb

A related issue is whether your code support unicode correctly. I find it helpful to insert a string below into the test data to test it out right from the beginning.

  \u4e09\u570b\u5fd7 or
  三國志

2012.05.01 [] - comments

 

 

blog comments powered by Disqus

past articles »

 

BBC News

 

MH17 bodies out of rebel area (22 Jul 2014)

 

UN chief: 'Start talking' over Gaza (22 Jul 2014)

 

US court deals setback to Obamacare (22 Jul 2014)

 

Poisoned spy death inquiry announced (22 Jul 2014)

 

Call to end FGM 'in this generation' (22 Jul 2014)

 

Joko Widodo wins Indonesia poll (22 Jul 2014)

 

'Foreigners' killed in Kabul attack (22 Jul 2014)

 

Nigerian leader meets girls' parents (22 Jul 2014)

 

Real Madrid seal Rodriguez signing (22 Jul 2014)

 

Turkish police held in wiretap probe (22 Jul 2014)

more »

 

Slashdot News for nerds, stuff that matters

 

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS (2014-07-22T16:10:00Z)

 

Netflix Reduces Physical-Disc Processing, Keeps Prices the Same (2014-07-22T15:29:00Z)

 

NVIDIA Launches Tegra K1-Based SHIELD Tablet, Wireless Controller (2014-07-22T14:47:00Z)

 

AirMagnet Wi-Fi Security Tool Takes Aim At Drones (2014-07-22T14:07:00Z)

 

MIT' Combines Carbon Foam and Graphite Flakes For Efficient Solar Steam Generati (2014-07-22T13:26:00Z)

 

MIT' Combines Carbon Foam and Graphite Flakes For Efficient Solar Steam Generation (2014-07-22T13:26:00Z)

 

For Now, UK Online Pirates Will Get 4 Warnings -- And That's It (2014-07-22T12:47:00Z)

 

A New Form of Online Tracking: Canvas Fingerprinting (2014-07-22T12:06:00Z)

more »

 

TechPsychic Tech Rumors and Invented News

more »

 

SF Gate

 

Bay Area News (7 Jan 2012)

 

City Insider (11 Feb 2012)

 

Crime Scene (13 Feb 2012)

 

C.W Newius Column (10 Jan 2012)

 

C.W. Nevius Blog (11 Feb 2012)

 

Education News (10 Jan 2012)

 

KALW (11 Feb 2012)

 

Matier and Ross Blog (11 Feb 2012)

 

Make sure your homeowner's exemption hasn't disappeared (21 Jul 2014)

 

Allergan cutting 1,500 jobs (21 Jul 2014)

 

Yahoo buying S.F.'s Flurry for over million (21 Jul 2014)

 

Fed rate hikes unlikely to hurt bonds, experts predict (21 Jul 2014)

 

Netflix's earnings soar as subscribers top 50 million (21 Jul 2014)

 

Tesla shutting Fremont plant to retool (21 Jul 2014)

more »

 

Asia Times Online

 

The charge of the Atlanticist Brigade (Tue 22 Jul 2014 11:00:00 GMT)

 

JOHN PILGER Orwell alive in Palestine, Ukraine (Tue 22 Jul 2014 11:00:00 GMT)

 

Hardliners maneuver over Iran talks extension (Tue 22 Jul 2014 11:00:00 GMT)

 

How US policies sealed Iraq's fate (Tue 22 Jul 2014 11:00:00 GMT)

 

Losses mount in China loan fraud (Tue 22 Jul 2014 11:00:00 GMT)

 

THE BEAR'S LAIR World War I still bad news (Tue 22 Jul 2014 11:00:00 GMT)

more »

 


Site feed Updated: 2014-Jul-22 10:00