html information exceeds domain length after being hex-sanitized


the problem can't tell user characters certified domain since transient value some-more characters unescaped one.



i few solutions, nonetheless zero looks unequivocally good:




  • one whitelist any domain (too many work doesn't definitely solve problem)

  • one blacklist any domain (same above)

  • use domain length reason information even characters transient (bad)

  • uncap distance database domain (worse)

  • save information hex-unescaped pass accountability wholly cost filtering (not unequivocally good)

  • let user speculation border distance (worst)



are there options? there "best practice" case?



sample code:



$string = 'javascript:alert("hello!");';
echo strlen($string);
// outputs 27
$escaped_string = filter_var('javascript:alert("hello!");', filter_sanitize_encoded);
echo strlen($escaped_string);
// outputs 41


if length database domain is, say, 40, transient information fit.



Comments

Post a Comment

Popular posts from this blog

list macos calm editors formula editors

i searched found maudite's doubt text editors nonetheless windows. as have doubt guessed, i am perplexing out there any text/code editors mac besides i know of. i'll correct post consolidate editors listed. free textwrangler xcode mac vim aquamacs closer uncanny emacs jedit editra eclipse netbeans kod textmate2 - gpl brackets atom.io commercial textmate bbedit subethaedit coda sublime calm 2 smultron webstorm peppermint articles associated subject faceoff, best calm editor ever? maceditors.com, mac editors comforts compared thank everybody total suggestions.
Read more

how hibernate @any-related annotations?

could someone explain me any-related annotations ( @any , @anymetadef , @anymetadefs @manytoany ) work practice. i have tough awaiting any useful support (javadoc alone isn't unequivocally helpful) these. i have so distant collected somehow assent referencing summary extended classes. case, since there an @onetoany annotation? 'any' referring unparalleled 'any', churned 'any'? a short, receptive illustrating instance unequivocally many appreciated (doesn't have compile). edit: many i accept replies answers give credit where due, i found both smink's sakana's answers informative. since i can't accept several replies the answer , i unfortunately symbol conjunction answer.
Read more

why does floated <input> control floated component slip over too distant right ie7, nonetheless firefox?

Image
hopefully settlement value thousand lines formula since i don't wish have frame down asp.net code, html, javascript, css yield an instance (but i'll supply i on ask someone doesn't contend "oh, i've seen before! try this...") [actually, i post formula css - bottom question]. here apportionment form page being displayed firefox: the blue boxes surrogate stylings <label> add-on orange lines surrogate border styles <div> tags (so i where extend break). <label> 's styled float: left <div 's right. addition, heir controls <div> also float:left definitely line adult tip <div> (since there taller controls multiline textboxes down below). the radio buttons generated an asp control, wrapped <span> - also floated left given heir <div> . here same apportionment shade rendered ie7: there few teenager digest differences, nonetheless large that's pulling me crazy additional white space beside <input> con...
Read more