| ▲ | arkh 7 months ago | |||||||
You sanitize at the frontier of what your code controls. Sending data to a database: parametrized queries to sanitize as it is leaving your control. Sending to display to the user: sanitized for a browser Sending to an API: sanitize for whatever rules the API has Sending to a legacy system: sanitize for it Writing a file to the system: sanitize the path The common point is you don't sanitize before you have to send it somewhere. And the advantage of this method is that you limit the chances of getting bit by reflected injections. You interrogate some API you don't control, you may just get malicious content, but you sanitize when sending it so all is good. Because you're sanitizing on output and not on input. | ||||||||
| ▲ | account42 7 months ago | parent | next [-] | |||||||
What if the legacy API doesn't support escaping? Just drop characters? Implement your own ad-hoc transform? What if you need to interoperate with other API users. Limting the character set at name input gives the user the chance to use the same ASCII-encoding of their name in all places. | ||||||||
| ▲ | shaky-carrousel 7 months ago | parent | prev [-] | |||||||
Be liberal in what you accept, and conservative in what you send. | ||||||||
| ||||||||