When validating input, the supplied input must at a bare minimum be validated for:
1. data type
2. range
3. length
4. format
5. values
6. alternate representations of a standard (canonical) form
Sanitization can be accomplished using any one of the following methods:
1. Stripping: Remove harmful characters from user supplied input
2. Substitution: Replace user supplied input with safer alternatives, e.g. encode it
3. Literalization: Use properties that render the user supplied input as a literal form, e.g. use innerText instead of innerHTML
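Added example (not code from the original post): the six validation checks and the three sanitization methods above, applied to two constructed form fields, a username and a quantity. The reserved-name list, the length and range limits, and the allowlists are assumptions made for the example.

```javascript
// Added example, not part of the original post: the validation checks and
// sanitization methods listed above, applied to two constructed form fields.

const RESERVED_NAMES = new Set(['admin', 'root']);   // 5. values: names the app refuses (assumed)

// Validate a username. Returns the list of failed checks (empty means valid).
function validateUsername(raw) {
  if (typeof raw !== 'string') return ['type'];                 // 1. data type
  let value;
  try {
    // 6. canonical form: percent-decode and Unicode-normalize (NFKC) first, so
    //    "%61dmin" or fullwidth "ａｄｍｉｎ" are judged as the same string "admin".
    value = decodeURIComponent(raw).normalize('NFKC');
  } catch (e) {
    return ['canonical'];                                       // malformed encoding
  }
  const errors = [];
  if (value.length < 3 || value.length > 16) errors.push('length');   // 3. length
  if (!/^[a-z0-9_]+$/.test(value)) errors.push('format');            // 4. format
  if (RESERVED_NAMES.has(value)) errors.push('values');              // 5. values
  return errors;
}

// Validate a quantity that arrives as a form string. Returns failed checks.
function validateQuantity(raw) {
  if (typeof raw !== 'string') return ['type'];                 // 1. data type
  if (!/^\d{1,4}$/.test(raw)) return ['format'];                // 4. format: digits only
  const n = Number(raw);
  return n >= 1 && n <= 100 ? [] : ['range'];                   // 2. range (limits assumed)
}

// Sanitization 1, stripping: keep only an allowlist of characters.
function strip(input) {
  return input.replace(/[^A-Za-z0-9 .,_-]/g, '');
}

// Sanitization 2, substitution: HTML-encode so the browser shows, not runs, markup.
function htmlEncode(input) {
  return input
    .replace(/&/g, '&amp;')   // must come first, or later entities get re-encoded
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Sanitization 3, literalization: assign to innerText (never innerHTML) so the
// DOM treats the value as text. `element` is any object with an innerText slot.
function renderLiteral(element, input) {
  element.innerText = input;
  return element;
}
```

Canonicalize before validating, never after: a check that runs on the raw percent-encoded or fullwidth string and is followed by decoding lets the alternate representation through.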