sanitization

来源： https://stackoverflow.com/questions/32577959/what-is-the-difference-between-sanitizing-and-validation-in-php

来源： https://stackoverflow.com/questions/32577959/what-is-the-difference-between-sanitizing-and-validation-in-php

来源： https://stackoverflow.com/questions/32577959/what-is-the-difference-between-sanitizing-and-validation-in-php

问题 In a unit test to just create (instantiate) a component that has a DomSanitizer dependency, how does one mock / stub this dependency? Because DomSanitizer is an Abstract class, I have no idea what the method signature of bypassSecurityTrustHtml really looks like. And if it's not intended to mock / stub DomSanitizer , how should one proceed to inject the actual implementation iso the abstract class? actual statement in the component looks like: this.trustedString = <string>this.domSanitizer

问题 I'm writing an application for the iPhone that communicates with a SQLite database but I'm running into a small problem. Whenever I try to query information based on a condition that contains an apostrophe, no results are returned.... even if a result that matches the requested condition exists. Let me give some specifics... SQLite Table Row--Column1--Column2--------- Test Data - 001 User's Data - 002 Objective-C Code //Create the sql statement sqlite3_stmt *sqlStatement; //Create the name of

问题 User equals untrustworthy. Never trust untrustworthy user's input. I get that. However, I am wondering when the best time to sanitize input is. For example, do you blindly store user input and then sanitize it whenever it is accessed/used, or do you sanitize the input immediately and then store this "cleaned" version? Maybe there are also some other approaches I haven't though of in addition to these. I am leaning more towards the first method, because any data that came from user input must

问题 In an application that accepts, stores, processes, and displays Unicode text (for the purpose of discussion, let's say that it's a web application), which characters should always be removed from incoming text? I can think of some, mostly listed in the C0 and C1 control codes Wikipedia article: The range 0x00 - 0x19 (mostly control characters), excluding 0x09 (tab), 0x0A (LF), and 0x0D (CR) The range 0x7F - 0x9F (more control characters) Ranges of characters that can safely be accepted would

问题 I am looking at starting a hosted CMS-like service for customers. As it would, it would require the customer to input text which would be served up to anyone that comes to visit their site. I am planning on using Markdown, possibly in combination with WMD (the live markdown preview that SO uses) for the big blocks of text. Now, should I be sanitizing their input for html? Given that there would only be a handful of people editing their 'CMS', all paying customers, should i be stripping out

问题 I currently have a controller capturing some html from TinyMCE on the front end. If I tinker with firebug it is possible to submit script tags and inject alert messages etc on to the screen. edit: Currently I am fixing this in the model by using the sanitize helper: require 'action_view' class NotesController < AuthApplicationController include ActionView::Helpers::SanitizeHelper ... def update params[:note][:content] = sanitize(params[:note][:content], :tags => %w(a object p param h1 h2 h3

问题 I'm looking for the best way to take a simple input: echo -n "Enter a string here: " read -e STRING and clean it up by removing non-alphanumeric characters, lower(case), and replacing spaces with underscores. Does order matter? Is tr the best / only way to go about this? 回答1: As dj_segfault points out, the shell can do most of this for you. Looks like you'll have to fall back on something external for lower-casing the string, though. For this you have many options, like the perl one-liners