Mailing List Archive



Re: [tlug] Do you whitelist or blacklist utf-8?



On 22 February 2011 18:17, Shmuel Fomberg <owner@example.com> wrote:

> if your encoding is utf-8, you can write a tight loop that examines the MSB
> of a byte, and pass this byte if it is set. else - whitelist / blacklist
> this byte.

I'd advise going with a library to do this. One's chances of getting it
right on the first try are vanishingly small, but open source
libraries that are in wide use for sanitising HTML are likely to be
reasonably good by now.

> IMHO, only whitelist.

+1

> Of course, all this is not an excuse for not using pre-compiled SQL queries
> with placeholders, or whatever they are called in PHP.

+2

-- 
Cheers,
Josh
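
Added example, not part of the original message: a Python sketch comparing the byte loop described in the quoted text with decoding strictly and then whitelisting by code point, to show what the byte loop lets through unexamined. The ASCII whitelist, the function names and the sample inputs are assumptions constructed for illustration.

```python
import string
import unicodedata

# Assumed ASCII whitelist for illustration: letters, digits, space, a little punctuation.
ASCII_ALLOWED = frozenset((string.ascii_letters + string.digits + " .,-_").encode("ascii"))


def msb_filter(data: bytes) -> bytes:
    """Byte loop from the quoted message: pass any byte with the MSB set,
    apply the whitelist only to 7-bit bytes."""
    return bytes(b for b in data if b & 0x80 or b in ASCII_ALLOWED)


def strict_filter(data: bytes) -> str:
    """Decode as strict UTF-8 first, then whitelist by code point.
    Raises UnicodeDecodeError on malformed input instead of passing it on."""
    text = data.decode("utf-8", errors="strict")
    kept = []
    for ch in text:
        if ord(ch) < 0x80:
            if ord(ch) in ASCII_ALLOWED:
                kept.append(ch)
        elif unicodedata.category(ch)[0] in "LN":  # non-ASCII letters and numbers only
            kept.append(ch)
    return "".join(kept)


def is_rejected(data: bytes) -> bool:
    """True when strict decoding refuses the input."""
    try:
        strict_filter(data)
    except UnicodeDecodeError:
        return True
    return False


# Constructed sample inputs.
VALID = "Tokyo <東京>".encode("utf-8")
OVERLONG = b"\xc0\xbcb\xc0\xbe"  # non-shortest-form encodings of '<' and '>'
TRUNCATED = b"abc\xe6\x9d"       # multi-byte sequence cut short

if __name__ == "__main__":
    for name, sample in [("valid", VALID), ("overlong", OVERLONG), ("truncated", TRUNCATED)]:
        result = "rejected" if is_rejected(sample) else strict_filter(sample)
        print(name, msb_filter(sample), result)
```

The byte loop returns the malformed inputs unchanged, so whatever consumes them next decides how they are interpreted; the strict path refuses them before any whitelist decision is made.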

