sanitization

Is it possible to sanitize an HTML string in Angular2 while allowing certain tags?

余生长醉 submitted on 2019-12-23 02:52:36
Question: I am sanitizing the current HTML (string value); I want to know if it is possible to only allow certain attributes. In this example the string should only keep the "id" attribute. Like this: <h1 id="header">DomSanitizer</h1><script>ourSafeCode()</script>'); This is an example of my component: import {BrowserModule, DomSanitizer} from '@angular/platform-browser' @Component({ selector: 'my-app', template: ` <div [innerHtml]="html"></div> `, }) export class App { constructor(private sanitizer:

When I save a span with a style to MySQL, the style is deleted

喜欢而已 submitted on 2019-12-23 01:42:22
Question: I am using TinyMCE for my PHP/CodeIgniter CMS back-end input. However, when I use a text color, some of the code is not saved and does not show the correct color. How can I solve this problem? Thanks in advance. <span style="color: #ff00ff;">Some text</span> becomes <span #ff00ff;">Some text</span> in the database. Some of the code is here. In my controller: function _fields() { $data = array( .... 'content' => $_POST['content'], .... ); return $data; } function create() { // We need TinyMCE, so load it

Why is so much HTML input sanitization necessary?

一曲冷凌霜 submitted on 2019-12-21 21:43:20
Question: I have implemented a search engine in C for my HTML website. My entire website is programmed in C. I understand that HTML input sanitization is necessary because an attacker can input these 2 HTML snippets into my search page to trick my search page into downloading and displaying foreign images/scripts (XSS): <img src="path-to-attack-site"/> <script>...xss-code-here...</script> Wouldn't these attacks be prevented simply by searching for '<' and '>' and stripping them from the search query?

Find duplicate addresses in a database, or stop users entering them early?

让人想犯罪 __ submitted on 2019-12-20 10:29:19
Question: How do I find duplicate addresses in a database, or better, stop people already while they are filling in the form? I guess the earlier the better? Is there any good way of abstracting street, postal code etc. so that typos and simple attempts to get 2 registrations can be detected? Like: Quellenstrasse 66/11 Quellenstr. 66a-11 I'm talking German addresses... Thanks! Answer 1: Johannes: @PConroy: This was my initial thought also. The interesting part on this is to find good transformation rules for the

Sanitisation of user input using a whitelist

谁说胖子不能爱 submitted on 2019-12-20 03:17:08
Question: I have this code which sanitises user input on a variable called 'username': $username_clean = preg_replace( "/[^a-zA-Z0-9_]/", "", $_POST['username'] ); if (!strlen($username_clean)){ die("username is blank!"); } I want to carry out the same process on each input on this page, but I have about 12 different inputs since it is a registration form. Is there an easier way to sanitise and check each input instead of applying preg_replace() and the if statement on each one? Answer 1: If you want to

Why call mb_convert_encoding to sanitize text?

可紊 submitted on 2019-12-19 07:08:09
Question: This is in reference to this (excellent) answer. He states that the best solution for escaping input in PHP is to call mb_convert_encoding followed by html_entities. But why exactly would you call mb_convert_encoding with the same to and from parameters (UTF8)? Excerpt from the original answer: Even if you use htmlspecialchars($string) outside of HTML tags, you are still vulnerable to multi-byte charset attack vectors. The most effective you can be is to use a combination of mb_convert

How to override SQL sanitization in ColdFusion

浪子不回头ぞ submitted on 2019-12-18 16:59:21
Question: I have the unfortunate task of cleaning up a bunch of old ColdFusion code. Queries are all over the place; I am working on moving them all to common CFCs for easier maintenance. I am running into a problem because cfquery is automatically converting the single quotes to double single quotes. How can I override that behavior? More specific information is below. So here is the query I started with: <cfquery name="getObjectInfo" datasource="#BaseDS#"> SELECT groupName AS lastname, '[Group]' AS

Secure XSS cleaning function (updated regularly)

空扰寡人 submitted on 2019-12-18 10:55:28
Question: I've been hunting around the net now for a few days trying to figure this out but getting conflicting answers. Is there a library, class or function for PHP that securely sanitizes/encodes a string against XSS? It needs to be updated regularly to counter new attacks. I have a few use cases: Use case 1) I have a plain text field, say for a First Name or Last Name. The user enters text into the field and submits the form. Before this is saved to the database I want to a) trim any whitespace off the front

How do I sanitize title URIs with PHP?

对着背影说爱祢 submitted on 2019-12-18 07:12:22
Question: I am programming a blog and I want the URIs to be the title, like the question titles here on Stack Overflow or like WordPress. What are the rules for sanitizing a URI? Is there already-made code in PHP that does this? Thanks in advance, Omer Answer 1: Many CMSs have implemented something like that; the one from WordPress has been posted in another question. You might be interested in the question about this technique in general, too. Answer 2: This might be the shortest way to replace any non