tungwaiyip.info


&D\anger'"+<b>@?!mb Against Code Injection

I have to harden my web app against code injection. The problem requires us to look at how an input string is used in several different contexts:

  • In HTML/XML as text.
  • In HTML/XML as an attribute value inside quotes.
  • In a URL as a query parameter.
  • In JavaScript, to dynamically create or edit DOM elements.

Each context has its own escaping rules. Since the data can move from one context to another, it has to be properly escaped for every context it passes through, in the order the consumer will decode it.

To help test for proper escaping, I have come up with the string below, which packs in lots of special characters. Put it in your test database and paste it into your input fields. Observe whether it causes a problem anywhere. In a properly escaped system, the string should be transferred and reconstructed verbatim.

  &D\anger'"+<b>@?!mb

A related issue is whether your code supports Unicode correctly. I find it helpful to insert the string below into the test data (either as escape sequences or as the literal characters) to test this right from the beginning.

  \u4e09\u570b\u5fd7 or
  三國志
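The escaping rules above, worked through in code as an added example that is not part of the original post: each of the four contexts gets an escaper, the test string and the Unicode sample are pushed through every context (plus one nested case, a JavaScript literal inside an HTML event attribute), and each result is decoded the way its consumer would decode it. The function names, the `show()` handler and the decoders are assumptions made for this example; the HTML decoder only understands the entities the escaper emits, and a deliberately incomplete escaper is included to show what the test string catches.

```javascript
// Added example (not code from the original post): escape one value for the four
// contexts the post lists, decode each result the way its consumer would, and
// check that the original string comes back verbatim. Runs under Node.js with no
// DOM; each context is shown as the string that would be emitted and then parsed.

// The post's test string and its Unicode sample (constructed test data).
const DANGER = "&D\\anger'\"+<b>@?!mb";
const CJK = "\u4e09\u570b\u5fd7"; // 三國志

// Contexts 1 and 2: HTML/XML text and a quoted attribute value. Escaping these
// five characters covers both, provided the attribute is always written in quotes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// A deliberately incomplete escaper, the kind of bug the test string is meant to catch.
function naiveEscapeHtml(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Decoder used only to verify the round trip (a browser does this for real pages).
// It understands the named entities escapeHtml emits and decimal references.
function unescapeHtml(s) {
  const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"' };
  return s.replace(/&(#(\d+)|[a-z]+);/g, (m, body, num) =>
    num !== undefined ? String.fromCodePoint(Number(num)) : (NAMED[body] ?? m));
}

// Context 3: URL query parameter. encodeURIComponent leaves ' ! ( ) * ~ alone,
// which is fine inside a URL but matters once the URL lands in an HTML attribute.
function urlParam(name, value) {
  return `${name}=${encodeURIComponent(value)}`;
}

// Context 4: a JavaScript string literal. JSON.stringify handles quotes and
// backslashes; the extra pass hides < > & and the line terminators U+2028/2029
// so the literal cannot close a surrounding <script> block early.
function jsStringLiteral(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Nested contexts: a JS literal inside an HTML event attribute. The browser
// decodes the attribute first and parses the script second, so escaping is
// applied in the opposite order: JS first, then HTML (always the full escaper here).
function onclickAttribute(value) {
  return `onclick="${escapeHtml(`show(${jsStringLiteral(value)})`)}"`;
}

// Emit the value into every context, decode each as its consumer would, and
// return the names of the contexts whose decoded value differs from the input.
function failingContexts(value, htmlEscaper = escapeHtml) {
  const results = {};

  results.text = unescapeHtml(htmlEscaper(value));

  const attrHtml = `<input value="${htmlEscaper(value)}">`;
  results.attribute = unescapeHtml(/value="([^"]*)"/.exec(attrHtml)[1]);

  const query = new URLSearchParams(urlParam("q", value));
  results.url = query.get("q");

  const script = `var v = ${jsStringLiteral(value)};`;
  results.javascript = JSON.parse(/var v = (".*");$/s.exec(script)[1]);

  const attr = /onclick="([^"]*)"/.exec(onclickAttribute(value))[1];
  const call = unescapeHtml(attr);
  results.nested = JSON.parse(/^show\((".*")\)$/s.exec(call)[1]);

  return Object.keys(results).filter((ctx) => results[ctx] !== value);
}

// Usage: the full escaper round-trips both samples; the naive one lets the
// double quote end the attribute value early, so that context fails.
console.log(failingContexts(DANGER));                   // []
console.log(failingContexts(CJK));                      // []
console.log(failingContexts(DANGER, naiveEscapeHtml));  // [ 'attribute' ]
```

The naive escaper passes the text context with this string but fails the attribute context, which is exactly the point of the `"` in the test string: an escaper that only neutralises `<` and `>` lets a quote close the attribute and everything after it becomes new markup. The nested case shows why the order matters: if the HTML escaping were applied before the JavaScript escaping, the browser's attribute decoding would restore the raw quote inside the script.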

2012.05.01

 

 
