tungwaiyip.info

home

about me

links

my software

Media

Yucatán Photos

St Lucia Photos

Photo Album

Videos

Blog

< May 2012 >
SuMoTuWeThFrSa
   1 2 3 4 5
6 7 8 9101112
13141516171819
20212223242526
2728293031  

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

&D\anger'"+<b>@?!mb Against Code Injection

I have to build my web app against code injection. I find that the problem requires us to see input string used in several different context.

  • In HTML/XML as text.
  • In HTML/XML as an attribute inside the quote.
  • In URL as query parameter.
  • In JavaScript to dynamically create or edit DOM elements.

In each context, there are different rule in escaping them. Since the data can move from one context to another, they have to be properly escaped in all cases.

To help test for proper escaping, I have come up with a string that has lots of special characters below. Put it in your test database and paste it in your input fields. Observe if this causes problem anywhere. In properly escaped system, the string should be transfered and reconstructed verbatim.

  &D\anger'"+<b>@?!mb

A related issue is whether your code support unicode correctly. I find it helpful to insert a string below into the test data to test it out right from the beginning.

  \u4e09\u570b\u5fd7 or
  三國志

2012.05.01 [] - comments

 

 

blog comments powered by Disqus

past articles »

 

BBC News

 

Police 'foil Melbourne terror plot' (18 Apr 2015)

 

Many dead in Afghanistan bank blast (18 Apr 2015)

 

Publisher sued over Goebbels diaries (18 Apr 2015)

 

I will miss Top Gear, says Clarkson (18 Apr 2015)

 

Dozens held after fresh SA violence (18 Apr 2015)

 

Saudis meet Yemen aid call (18 Apr 2015)

 

Tributes to Everest avalanche dead (18 Apr 2015)

 

Ukraine rebel in ceasefire warning (18 Apr 2015)

 

Attack on UN Mali convoy kills two (18 Apr 2015)

 

Six released in Syria 'terror' probe (18 Apr 2015)

more »

 

Slashdot News for nerds, stuff that matters

 

Hacked Sony Emails Reveal That Sony Had Pirated Books About Hacking (2015-04-18T13:28:00+00:00)

 

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA (2015-04-18T12:31:00+00:00)

 

Google Ready To Unleash Thousands of Balloons In Project Loon (2015-04-18T11:18:00+00:00)

 

The Origin of the First Light In the Universe (2015-04-18T08:31:00+00:00)

 

Google Adds Handwriting Input To Android (2015-04-18T05:38:00+00:00)

 

Incorrectly Built SLS Welding Machine To Be Rebuilt (2015-04-18T02:42:00+00:00)

 

Columbia University Doctors Ask For Dr. Mehmet Oz's Dismissal (2015-04-17T23:45:00+00:00)

 

Drought and Desertification: How Robots Might Help (2015-04-17T23:44:00+00:00)

more »

 

TechPsychic Tech Rumors and Invented News

more »

 

SF Gate

 

Bay Area News (7 Jan 2012)

 

City Insider (11 Feb 2012)

 

Crime Scene (13 Feb 2012)

 

C.W Newius Column (10 Jan 2012)

 

C.W. Nevius Blog (11 Feb 2012)

 

Education News (10 Jan 2012)

 

KALW (11 Feb 2012)

 

Matier and Ross Blog (11 Feb 2012)

 

Boston Marathon champ Meb Keflezighi talks tech, training (18 Apr 2015)

 

Pot startup donates million in bid to legalize marijuana in CA (18 Apr 2015)

 

Daily Briefing, April 19 (18 Apr 2015)

 

Global finance leaders see economy getting stronger (18 Apr 2015)

 

Ellen Pao’s attorneys discuss trial, losing and sexism in tech (17 Apr 2015)

 

Daily Briefing, April 18 (17 Apr 2015)

more »

 

Asia Times Online

 

China ramps up charges against Zhou (Fri 20 Mar 2015 11:00:00 GMT)

 

'100 dead' in Myanmar fighting (Fri 20 Mar 2015 11:00:00 GMT)

 

Tunisian president vows no mercy (Fri 20 Mar 2015 11:00:00 GMT)

 

SPENGLER Israel's 'referendum' on 'two-state solution' (Fri 20 Mar 2015 11:00:00 GMT)

 

Russia, S Ossetia sign 'integration' pact (Fri 20 Mar 2015 11:00:00 GMT)

 

US military plunges Aquino into crisis (Fri 20 Mar 2015 11:00:00 GMT)

 

Rahmon celebrates Tajik democracy (Fri 20 Mar 2015 11:00:00 GMT)

 

THE BEAR'S LAIR Being old in 2040 no fun (Fri 20 Mar 2015 11:00:00 GMT)

 

China grant boosts Nepal ties (Fri 20 Mar 2015 11:00:00 GMT)

more »

 


Site feed Updated: 2015-Apr-18 09:00