&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app to resist code injection. I find that the problem requires us to consider how an input string is used in several different contexts:

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context there are different rules for escaping the string. Since the data can move from one context to another, it has to be properly escaped in every case.

To help test for proper escaping, I have come up with the string below, which contains many special characters. Put it in your test database and paste it into your input fields, then observe whether it causes a problem anywhere. In a properly escaped system, the string should be transferred and reconstructed verbatim.

  &D\anger'"+<b>@?!mb

A related issue is whether your code supports Unicode correctly. I find it helpful to insert the string below into the test data to check this right from the beginning.

  \u4e09\u570b\u5fd7 or
  三國志
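As an added example (not the author's code), the following Python shows the four escaping contexts listed above applied to the author's test string and to the CJK sample, with a round-trip check that decodes each form the way a browser or server would. The `escape_*` and `roundtrip` function names are assumptions for this illustration; the escaping itself uses only standard-library calls.

```python
import html
import json
import urllib.parse

# The author's test string and the Unicode sample from the post.
DANGER = "&D\\anger'\"+<b>@?!mb"
CJK = "\u4e09\u570b\u5fd7"

def escape_html_text(s):
    # Text node: & < > must be encoded; quotes are harmless in this context.
    return html.escape(s, quote=False)

def escape_html_attr(s):
    # Quoted attribute value: the quote characters must be encoded as well.
    return html.escape(s, quote=True)

def escape_url_param(key, value):
    # Query parameter: percent-encode reserved bytes (& + ? etc.) and non-ASCII as UTF-8.
    return urllib.parse.urlencode({key: value})

def escape_js_string(s):
    # A JSON string literal is a valid JavaScript string literal; json.dumps escapes
    # quotes, backslashes and control characters. "<" is escaped too so that a
    # "</script>" inside the data cannot terminate an inline script block.
    return json.dumps(s).replace("<", "\\u003c")

def escape_js_in_attr(s):
    # Data landing in an inline handler such as onclick="f('...')" crosses two
    # contexts: JavaScript string literal first, then HTML attribute. Order matters.
    return escape_html_attr(escape_js_string(s))

def unescaped_url_loses_data(s):
    # Constructed failure case: concatenating the raw string into a query with no
    # escaping lets "&" split the parameter, so the value does not survive.
    return urllib.parse.parse_qs("q=" + s).get("q", [""])[0] != s

def roundtrip(s):
    # Decode each escaped form as its consumer would and confirm the original returns.
    text_ok = html.unescape(escape_html_text(s)) == s
    attr_ok = html.unescape(escape_html_attr(s)) == s
    url_ok = urllib.parse.parse_qs(escape_url_param("q", s))["q"][0] == s
    js_ok = json.loads(escape_js_string(s)) == s
    nested_ok = json.loads(html.unescape(escape_js_in_attr(s))) == s
    return text_ok and attr_ok and url_ok and js_ok and nested_ok
```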

2012.05.01
