tungwaiyip.info

home

about me

links

my software

Media

Yucatán Photos

St Lucia Photos

Photo Album

Videos

Blog

< May 2012 >
SuMoTuWeThFrSa
   1 2 3 4 5
6 7 8 9101112
13141516171819
20212223242526
2728293031  

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app against code injection. I find that the problem requires us to see input string used in several different context.

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context, there are different rule in escaping them. Since the data can move from one context to another, they have to be properly escaped in all cases.

To help test for proper escaping, I have come up with a string that has lots of special characters below. Put it in your test database and paste it in your input fields. Observe if this causes problem anywhere. In properly escaped system, the string should be transfered and reconstructed verbatim.

  &D\anger'"+<b>@?!mb

A related issue is whether your code support unicode correctly. I find it helpful to insert a string below into the test data to test it out right from the beginning.

  \u4e09\u570b\u5fd7 or
  三國志

2012.05.01 [] - comments

 

 

blog comments powered by Disqus

past articles »

 

BBC News

 

'Russian troops deployed' in Ukraine (28 Aug 2014)

 

IS 'kills dozens of Syrian soldiers' (28 Aug 2014)

 

Ebola spreads to Nigeria oil hub (28 Aug 2014)

 

Missing plane search area refined (28 Aug 2014)

 

Iceland examines volcano 'cauldrons' (28 Aug 2014)

 

France urges special Libya support (28 Aug 2014)

 

FBI probe JP Morgan 'cyber-attack' (28 Aug 2014)

 

Turkey's Erdogan to be inaugurated (28 Aug 2014)

 

Pitt and Jolie wedding announced (28 Aug 2014)

 

Tomatoes linked with fighting cancer (27 Aug 2014)

more »

 

Slashdot News for nerds, stuff that matters

 

Google Wins .3 Million From Patent Troll (2014-08-28T13:25:00Z)

 

FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks (2014-08-28T12:44:00Z)

 

Indiana University Researchers Get Million Grant To Study Memes (2014-08-28T12:05:00Z)

 

Euro Bank Santander Commissions Study On Bitcoin's Impact On Banking (2014-08-28T09:32:00Z)

 

African States Aim To Improve Internet Interconnections (2014-08-28T08:14:00Z)

 

Fake NVIDIA Graphics Cards Show Up In Germany (2014-08-28T07:07:00Z)

 

NASA Telescopes Uncover Early Construction of Giant Galaxy (2014-08-28T04:30:00Z)

 

Fish Raised On Land Give Clues To How Early Animals Left the Seas (2014-08-28T02:04:00Z)

more »

 

TechPsychic Tech Rumors and Invented News

more »

 

SF Gate

 

Bay Area News (7 Jan 2012)

 

City Insider (11 Feb 2012)

 

Crime Scene (13 Feb 2012)

 

C.W Newius Column (10 Jan 2012)

 

C.W. Nevius Blog (11 Feb 2012)

 

Education News (10 Jan 2012)

 

KALW (11 Feb 2012)

 

Matier and Ross Blog (11 Feb 2012)

 

GM moves production of Cadillac SRX to Tennessee (28 Aug 2014)

 

Ship traffic for Aug. 28 (28 Aug 2014)

 

Alibaba profit triples ahead of IPO (28 Aug 2014)

 

Snapchat valuation could hit billion (28 Aug 2014)

 

Bloomberg briefing (28 Aug 2014)

 

Sources reporting hacking of banks (27 Aug 2014)

more »

 

Asia Times Online

 

US looks for help against IS in Syria (Wed 27 Aug 2014 11:00:00 GMT)

 

Islamabad: Shades of Tahrir Square (Wed 27 Aug 2014 11:00:00 GMT)

 

Why Gaza was betrayed (Wed 27 Aug 2014 11:00:00 GMT)

 

SPENGLER Some of my best friends are Straussians (Wed 27 Aug 2014 11:00:00 GMT)

 

North Korea leery of Chinese TV sets (Wed 27 Aug 2014 11:00:00 GMT)

 

China coal projects spark climate fears (Wed 27 Aug 2014 11:00:00 GMT)

 

THE BEAR'S LAIR Nosebleed time again (Wed 27 Aug 2014 11:00:00 GMT)

more »

 


Site feed Updated: 2014-Aug-28 07:00