Sanitize user input: Difference between revisions

Content added Content deleted
(→‎{{header|Phix}}: clarified sqlite3_bind_text and added rm -rf not practical note)
m (→‎{{header|Phix}}: or whitelist as per Raku)
Line 22: Line 22:
Given some suspect [Phix] source code to be run, it is simply not practical to cover cases such as system(rot13(reverse("se- ze"))) or any of the other myriad ways in which harmful content could be disguised. In case you have not guessed, that would execute "rm -rf", assuming the code also contains a working rot13() implementation.
Given some suspect [Phix] source code to be run, it is simply not practical to cover cases such as system(rot13(reverse("se- ze"))) or any of the other myriad ways in which harmful content could be disguised. In case you have not guessed, that would execute "rm -rf", assuming the code also contains a working rot13() implementation.


Of course you could block all use, even legitimate, of things like system(), as covered by [[Safe_mode]] and [[Untrusted_environment]].
Of course you could block all use, even legitimate, of things like system(), as covered by [[Safe_mode]] and [[Untrusted_environment]], or whitelist as per the Raku entry below.


The inverse problem recently arose in p2js, whereby otherwise perfectly
The inverse problem recently arose in p2js, whereby otherwise perfectly