sanitization

We send out registration urls to clients via email. Some of the email clients are turning the url into url <url> I think it may be happening when users forward the email onto themselves at which point the email client re-formats the original email (maybe) E.g. https://my.app.com/login.aspx?param=var Becomes https://my.app.com/login.aspx?param=var%20%3Chttps://my.app.com/login.aspx?param=var%3E Which rightly produces System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected Where in the code should I intercept these instances and santize the url

I have a PHP application. I allow users to upload files to my web application. Question : What's the best way for me to sanitize the file names of the uploaded documents $_FILES["filename"]["tmp_name"] in PHP? UPDATE : Can I take an MD5 of the uploaded filename and use that as the newly assigned filename? If so, how do I do that in PHP? I bet that you also store some information about the file in the database. If this is correct, then you can use the primary key (ID) as a filename on your server and preserve the original filename in the database. This gives you greater flexibility, because you

I am creating charts on the fly as SVGs using d3.js. These charts are dynamically generated based on the selections of authenticated users. Once these charts are generated, the user has the option to download the generated SVG as a PNG or PDF. The current workflow is the following: // JAVASC // get the element containing generated SVG var svg = document.getElementById("chart-container"); // Extract the data as SVG text string var svg_xml = (new XMLSerializer).serializeToString(svg); // Submit the <FORM> to the server. var form = document.getElementById("svgform"); form['output_format'].value =

Are there any thoroughly tested .NET libraries out there to sanitize input from things like script/sql injection? SQL injection and Cross-Site Scripting (a.k.a. XSS or Script Injection) are different problems. 1) SQL Injection is very easy, always use parametrized queries (SQLParameter) and try really hard to NEVER do sp_exec @query within T-SQL stored procedures. .Net parametrized queries will not protect against this second order injection. 2) XSS is more difficult to universally mitigate since there are so many places that JavaScript can be inserted into HTML documents. The recommendations

This question already has answers here : Best way to handle security and avoid XSS with user entered URLs (10 answers) The URL would be Saved to a MySQL database Used to display a picture on the user's profile would strip_tags() and mysql_real_escape_string() be enough? "Enough sanitization" thoroughly depends on what environment you're talking about. Sanitization for MySQL should be considered entirely separate from sanitization for web output, and you should handle them separately to avoid a lot of hassle. Sanitizing for MySQL mysql_real_escape_string() will sanitize a piece of data and make

The title may sound odd, but im kind of trying to set up this preg_replace that takes care of messy writers for a textarea. It has to: if there is an exclamation sign, there should not be another one in a row. if there is a ., the comma wins and it has to be , when there is one+ spaces before a coma, it should be reduced to nothing. the sentence cannot start or end with a comma. there should never be more than 2 of the same letters joined together. a space must be always present after a comma. E.g.: ,My house, which is green., is nice! My house..., which is green, is nice!!! My house ,which is

How do I find duplicate addresses in a database, or better stop people already when filling in the form ? I guess the earlier the better? Is there any good way of abstracting street, postal code etc so that typos and simple attempts to get 2 registrations can be detected? like: Quellenstrasse 66/11 Quellenstr. 66a-11 I'm talking German addresses... Thanks! Johannes: @PConroy: This was my initial thougt also. the interesting part on this is to find good transformation rules for the different parts of the address! Any good suggestions? When we were working on this type of project before, our