Prefer white lists over blacklists for sanitization of user input. Far easier to get right; less vulnerable to new vectors. @eileencodes
e.g. If you're validating schemes in URLs check that it is http/HTTPS rather than just blacklisting JavaScript. (One just missed data://)
1:57 AM - 8 Jul 2016
from Brighton, England
0 replies
1 retweet
8 likes
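The scheme check described in the tweets above, as an added example that is not part of the original tweets: it runs the same constructed inputs through an allowlist (http/https only) and through a blocklist that names only `javascript:`. The function names and sample URLs are assumptions made for illustration.

```javascript
// Added example: allowlist vs. blocklist checks on a URL's scheme.
// All names and sample inputs here are constructed for illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // the allowlist from the tweet
const BLOCKED_SCHEMES = new Set(["javascript:"]);     // a blocklist that forgot data:

// Use the WHATWG URL parser rather than a regex or startsWith(), so the
// scheme is judged in the same lower-cased form a browser would act on.
function parseScheme(input) {
  try {
    return new URL(input).protocol; // lower-case, includes the trailing ':'
  } catch {
    return null; // relative or unparseable input: no absolute scheme
  }
}

// Accept only what is explicitly known to be safe.
function allowlistAccepts(input) {
  const scheme = parseScheme(input);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Accept everything except what is explicitly known to be unsafe.
function blocklistAccepts(input) {
  const scheme = parseScheme(input);
  return scheme !== null && !BLOCKED_SCHEMES.has(scheme);
}

// Constructed sample inputs.
const samples = [
  "https://example.com/profile",
  "HTTP://example.com/",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  "data:text/plain,hello",
  "vbscript:x",
  "/relative/path", // rejected by both: this strict version requires an absolute URL
];

function compare(inputs) {
  return inputs.map((url) => ({
    url,
    allowlist: allowlistAccepts(url),
    blocklist: blocklistAccepts(url),
  }));
}

console.table(compare(samples));
```

Every scheme the blocklist author did not think of is accepted by the blocklist and rejected by the allowlist, which is the asymmetry the tweet points to.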