html information exceeds domain length after being hex-sanitized


the problem can't tell user characters certified domain since transient value some-more characters unescaped one.



i few solutions, nonetheless zero looks unequivocally good:




  • one whitelist any domain (too many work doesn't definitely solve problem)

  • one blacklist any domain (same above)

  • use domain length reason information even characters transient (bad)

  • uncap distance database domain (worse)

  • save information hex-unescaped pass accountability wholly cost filtering (not unequivocally good)

  • let user speculation border distance (worst)



are there options? there "best practice" case?



sample code:



$string = 'javascript:alert("hello!");';
echo strlen($string);
// outputs 27
$escaped_string = filter_var('javascript:alert("hello!");', filter_sanitize_encoded);
echo strlen($escaped_string);
// outputs 41


if length database domain is, say, 40, transient information fit.



Comments

Post a Comment

Popular posts from this blog

list macos calm editors formula editors

i searched found maudite's doubt text editors nonetheless windows. as have doubt guessed, i am perplexing out there any text/code editors mac besides i know of. i'll correct post consolidate editors listed. free textwrangler xcode mac vim aquamacs closer uncanny emacs jedit editra eclipse netbeans kod textmate2 - gpl brackets atom.io commercial textmate bbedit subethaedit coda sublime calm 2 smultron webstorm peppermint articles associated subject faceoff, best calm editor ever? maceditors.com, mac editors comforts compared thank everybody total suggestions.
Read more

how i practical urls indicate .aspx pages asp.net deployed an iis? (preferably but iis)

what's best proceed good purify url structure smoke-stack yield has? do i need iis this? there proceed i arrange mapping record asp .net? the site i wish hundreds pages, already deployed. i slight requires slightest volume changes possible. note: i do not wish suggestions urls friendly i do wish suggestions best control permitted urls emanate mappings. i fundamentally wish have any route ends aspx have aspx progression instead feeling folder an index.aspx inside it. -> edit: i'm controlling iis 6.0
Read more

jaxb - xjc - reworking generated typesafe enum category members

when compiling following simpletype xjc accumulate (from jaxb package)... <xs:simpletype name="test"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenumclass/> </xs:appinfo> </xs:annotation> <xs:restriction base="xs:string"> <xs:enumeration value="4"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="four"/> </xs:appinfo> </xs:annotation> </xs:enumeration> <xs:enumeration value="6"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="six"/> </xs:appinfo> </xs:annotation> </xs:enumeration> </xs:restriction> </xs:simpletype> i finish adult following enum java (import statements comments removed) @xmlenum public ...
Read more