Mailing List Archive



Re: [tlug] Do you whitelist or blacklist utf-8?



Hi Dave.


On 2011/02/23 10:31, Dave M G wrote:

> Shmuel, I'd love to do a white list on my utf-8 strings... however, it
> seems like it's really tough to set up a white list that doesn't refuse
> any non-latin characters. I saw one page that showed regular expressions
> for filtering by languages... but you had to set up a huge array to
> account for every single language.

I think that every character that is above the ASCII range can be safely passed.
So you don't need a huge array, just a small one.

> What do people do when they want to ensure Japanese text is free of any
> XSS-capable characters

All that I wrote was about SQL injection. XSS is one layer above the individual characters. But first you need to tell us something about your data. Is the user allowed to enter HTML tags?
Or are you using a different mark-down scheme?

Shmuel.
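
The filter described in this message, written out as an added example (not code from the thread): a small ASCII whitelist plus a pass-through for every character above the ASCII range, with strict UTF-8 decoding done first so that malformed byte sequences are rejected before the per-character check. The function name, the allowed ASCII set and the sample inputs are assumptions made for illustration.

```python
import string

# Assumption: the ASCII characters this application accepts.
ALLOWED_ASCII = frozenset(string.ascii_letters + string.digits + " .,-_@")


def check_input(raw: bytes):
    """Return (accepted, reason) for a raw byte string claimed to be UTF-8."""
    try:
        # Strict decoding rejects truncated sequences, overlong forms
        # (e.g. C0 A7, an overlong encoding of the apostrophe) and encoded
        # surrogates, so bytes >= 0x80 cannot turn into ASCII later on.
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return False, f"invalid UTF-8 at byte {exc.start}"
    for pos, ch in enumerate(text):
        # Only the ASCII range is filtered; everything above it passes.
        if ord(ch) < 0x80 and ch not in ALLOWED_ASCII:
            return False, f"ASCII character {ch!r} at position {pos} is not whitelisted"
    return True, "ok"


# Constructed sample inputs, not taken from the thread.
SAMPLES = {
    "japanese": "東京 Linux ユーザー".encode("utf-8"),
    "quote": "O'Brien".encode("utf-8"),
    "overlong_quote": b"abc\xc0\xa7",
    "truncated": "東".encode("utf-8")[:2],
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_input(raw))
```

The whitelist stays a single small set however many languages the input may contain, because only the 128 ASCII code points are ever looked up in it.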

