Sanitize user input: Difference between revisions
(→{{header|Phix}}: clarified sqlite3_bind_text and added rm -rf not practical note) |
m (→{{header|Phix}}: or whitelist as per Raku) |
||
Line 22: | Line 22: | ||
Given some suspect [Phix] source code to be run, it is simply not practical to cover cases such as system(rot13(reverse("se- ze"))) or any of the other myriad ways in which harmful content could be disguised. In case you have not guessed, that would execute "rm -rf", assuming the code also contains a working rot13() implementation. |
Given some suspect [Phix] source code to be run, it is simply not practical to cover cases such as system(rot13(reverse("se- ze"))) or any of the other myriad ways in which harmful content could be disguised. In case you have not guessed, that would execute "rm -rf", assuming the code also contains a working rot13() implementation. |
||
Of course you could block all use, even legitimate, of things like system(), as covered by [[Safe_mode]] and [[Untrusted_environment]]. |
Of course you could block all use, even legitimate, of things like system(), as covered by [[Safe_mode]] and [[Untrusted_environment]], or whitelist as per the Raku entry below. |
||
The inverse problem recently arose in p2js, whereby otherwise perfectly |
The inverse problem recently arose in p2js, whereby otherwise perfectly |
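Review bot: the new clause in the right-hand column of the "Line 22" hunk, "or whitelist as per the Raku entry below", is a positional cross-reference that silently breaks if the Raku entry is moved above Phix or renamed; link it explicitly instead, e.g. "or whitelist as per the [[#Raku|Raku]] entry", so it stays correct independent of section order. Also, since the preceding paragraph stresses that blacklisting disguised payloads is "simply not practical", it would strengthen the point to say in one clause why the whitelist approach differs: it enumerates the allowed constructs rather than trying to recognise every harmful one.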