Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Do you whitelist or blacklist utf-8?
- Date: Wed, 23 Feb 2011 09:09:57 +0100
- From: Josh Glover <jmglov@example.com>
- Subject: Re: [tlug] Do you whitelist or blacklist utf-8?
- References: <4D639689.1010302@example.com> <4D63EFBC.1020900@example.com>
On 22 February 2011 18:17, Shmuel Fomberg <owner@example.com> wrote: > if your encoding is utf-8, you can write a tight loop that examine the MSB > of a byte, and pass this byte if it is set. else - whitelist / blacklist > this byte. I'd advise going with a library to do this. Ones chances of getting it right on the first try are vanishingly small, but open source libraries that are in wide use for sanitising HTML are likely to be reasonably good by now. > IMHO, only whitelist. +1 > Of course, all this is not excuse for not using pre-compiled SQL queries > with placeholders, or whatever they are called in PHP. +2 -- Cheers, Josh
- Follow-Ups:
- Re: [tlug] Do you whitelist or blacklist utf-8?
- From: Stephen J. Turnbull
- Re: [tlug] Do you whitelist or blacklist utf-8?
- References:
- [tlug] Do you whitelist or blacklist utf-8?
- From: Dave M G
- Re: [tlug] Do you whitelist or blacklist utf-8?
- From: Shmuel Fomberg
- [tlug] Do you whitelist or blacklist utf-8?
- Prev by Date: Re: [tlug] Do you whitelist or blacklist utf-8?
- Next by Date: Re: [tlug] Solaris tar: how to pre-pend a parent directory?
- Previous by thread: Re: [tlug] Coverity Scan
- Next by thread: Re: [tlug] Do you whitelist or blacklist utf-8?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |