Sunday, October 11, 2015

Input Validation and Sanitization

When validating input, the supplied input must at a bare minimum be validated for:

1. data type
2. range
3. length
4. format
5. values
6. alternate representations of a standard (canonical) form

Sanitization can be accomplished using any one of the following methods:

1. Stripping: Remove harmful characters from user-supplied input
2. Substitution: Replace user-supplied input with safer alternatives, e.g. encode it
3. Literalization: Use properties that cause the user-supplied input to be treated as literal text, e.g. use innerText instead of innerHTML
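The two lists above, worked through in code as an added example that is not part of the original post: a small form validator that applies the six validation checks (type, range, length, format, allowed values, canonical form) to constructed `username`, `age` and `role` fields, followed by the two sanitization methods that need no DOM (stripping and substitution by HTML encoding). The field names, limits, regular expressions and the role allowlist are all assumptions chosen for the illustration.

```javascript
// Added example, not code from the original post. Field names, limits,
// regular expressions and the role allowlist are assumptions for illustration.

const USERNAME_RULES = {
  type: "string",
  minLength: 3,
  maxLength: 16,
  format: /^[a-z][a-z0-9_]*$/, // letter first, then letters, digits or underscore
};

// "values" check: only these roles may be submitted (allowlist, not denylist).
const ROLE_ALLOWLIST = new Set(["user", "editor"]);

// Canonical form: fold alternate representations (full-width letters, combining
// sequences, surrounding whitespace, mixed case) into one shape before any check.
function canonicalizeUsername(raw) {
  return String(raw).normalize("NFKC").trim().toLowerCase();
}

function validateUsername(raw) {
  if (typeof raw !== USERNAME_RULES.type) return { ok: false, reason: "type" };
  const value = canonicalizeUsername(raw);
  if (value.length < USERNAME_RULES.minLength || value.length > USERNAME_RULES.maxLength) {
    return { ok: false, reason: "length" };
  }
  if (!USERNAME_RULES.format.test(value)) return { ok: false, reason: "format" };
  return { ok: true, value };
}

function validateAge(raw) {
  // Type: a string from the form, not an object or number the client chose.
  if (typeof raw !== "string") return { ok: false, reason: "type" };
  // Format: plain ASCII decimal digits only, so "0x10", "1e2" and " 7 " are rejected
  // before Number() gets a chance to interpret them.
  if (!/^\d{1,3}$/.test(raw)) return { ok: false, reason: "format" };
  const n = Number(raw);
  // Range: an inclusive bound that matches what the field means.
  if (n < 0 || n > 150) return { ok: false, reason: "range" };
  return { ok: true, value: n };
}

function validateRole(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "type" };
  const value = raw.trim().toLowerCase();
  if (!ROLE_ALLOWLIST.has(value)) return { ok: false, reason: "values" };
  return { ok: true, value };
}

// Sanitization 1, stripping: drop every character outside an allowlist.
function stripToAlnum(input) {
  return String(input).replace(/[^A-Za-z0-9 _-]/g, "");
}

// Sanitization 2, substitution: replace HTML metacharacters with entities so the
// result is inert when placed into markup.
function encodeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Validate a whole submission; the free-text bio is encoded rather than validated.
function validateSubmission(form) {
  const results = {
    username: validateUsername(form.username),
    age: validateAge(form.age),
    role: validateRole(form.role),
  };
  const ok = Object.values(results).every((r) => r.ok);
  return { ok, results, bioHtml: encodeHtml(form.bio) };
}

// Constructed sample submission (not real user data).
const sample = { username: "  Alice_01 ", age: "42", role: "Editor", bio: "<b>hi</b> & bye" };
console.log(JSON.stringify(validateSubmission(sample)));
```

Literalization, the third method, is not shown because it depends on a browser DOM: assigning the validated string with `el.textContent = value` (or `innerText`, as the post says) makes the browser treat it as literal text, whereas `innerHTML` would parse it as markup. Note that canonicalization runs before the length and format checks, so a full-width "Ａ" or trailing whitespace cannot be used to pass one check and fail another.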
