Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "sanitize input"
-
Being a programmer for a while now it always irritates me to try to explain what I'm working on to friends and family. I forget what I knew before I developed. I'm always like "I made the strings in the database- oh I mean the words...well they're actually more like strings of letters- well anyway I made a code to sanitize the user input- I mean make it so it is secure before uhhh saving." I spend so much time watering what I'm saying down I forget what I'm talking about
It's not even funny. It'd be funny if one single person in my family or friend group understood what I meant to some degree.3 -
Here's an example of what happens when you don't sanitize your input.
The software in question runs in the user's browser and is used to display text from a Twitch chat.
https://youtu.be/2GtbY1XWGlQ2 -
I dont understand the Log4j vulnerability.
Isnt the ability to execute code a feature they added so that you can add dynamic data to the logs?
If it is a feature then isnt it written in the documentation?
Is the problem that a lot of companies forgot to sanitize the input before logging it?23 -
Guys. Sanitize the Tags input length. Here on devrant. Call the devs, I don't know who they are...8
-
It reaaaally annoys me when my business logic is sound but the data is corrupted.
For example, find duplicates in a HashMap<String>.. but I didn't take into account the input could contain a space either before or after.. so I end up wondering: if a HashMap only contains unique keys, how come the count of items in the map is the same as the count of the input keys?! Well.. spaces were the culprit.
"12345" != "12345 ".. and therefore the Map sees it as two distinct keys..
What an annoying bug.
Lesson learned: 1) Sanitize input first and never trust it. 2) Never make assumptions16 -
Inherited a legacy system from a previous "developer" who wrote code to sanitize input from sql injection in the front end and then called an web method called execSql which accepts am sql statement in a string value!
Obviously the app ran under admin privileges.2 -
I like to teach sites that don't escape HTML/js in input fields a lesson, and put in a redirect. Where would you redirect them?
I tend to go SFW, like redirecting to a competitor or the NSA.