Better yet, only parse out and use the metacharacters that you absolutely
require and ignore the rest.

----------------------------------
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web:   http://www.tsintel.com
----------------------------------


On Sat, 19 Jan 2002, zero wrote:

>
> >
> >
> > > B - I've seen literature which says servers should
> > > block " < > " ' ; ( ) + - " characters. If one has not
> > > blocked all these types what are the implications
> > > (i.e., if only <> types are blocked) ?
> >
> > while "<" and ">" are the first necessary step... those
> > other special characters can sometimes be used to
> > modify HTML in other instances. All in all they are
> > just a good idea to filter so users aren't messed with.
>
>
> Not only HTML tags but also Unix redirections: >> , >, << , <
>
> Alex
>
>
> mailto:[EMAIL PROTECTED]
> http://www.podergeek.com/
> http://www.citfi.org
> ------------------------------------------------------
> "The further backward you look, the further forward you can see" Winston
> Churchill
> "Access is GOD..."
>
>
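
The contrast discussed in this thread, as an added example that is not part of either message: a filter that blocks only "<" and ">" is compared with one that keeps only the characters a field requires. The function names, the field's required character set and the sample input are assumptions constructed for illustration.

```python
import re

# Metacharacters named in the quoted question: < > " ' ; ( ) + -
THREAD_METACHARS = set("<>\"';()+-")

# Assumption: this hypothetical field needs letters, digits, space, dot,
# underscore and hyphen. Anything outside that set is dropped.
NOT_REQUIRED = re.compile(r"[^A-Za-z0-9 ._-]")

def strip_angle_brackets(value):
    """Deny-list from the question's weakest case: only < and > are blocked."""
    return value.replace("<", "").replace(">", "")

def keep_required_only(value):
    """Allow-list: keep the characters the field requires, ignore the rest."""
    return NOT_REQUIRED.sub("", value)

def surviving_metachars(value):
    """Return which of the thread's metacharacters are still in the value."""
    return THREAD_METACHARS & set(value)

def attribute_is_intact(value):
    """Render the value into a quoted HTML attribute and check that the only
    double quotes in the tag are the two delimiters written by the template."""
    tag = '<input name="q" value="%s">' % value
    return tag.count('"') == 4

# Constructed sample input containing every character from the thread's list.
SAMPLE = "q3-report\" title='x'; (a+b) >> out.txt <b>"

if __name__ == "__main__":
    for name, fn in (("angle brackets only", strip_angle_brackets),
                     ("required chars only", keep_required_only)):
        out = fn(SAMPLE)
        print("%-20s %r" % (name, out))
        print("  still present:", sorted(surviving_metachars(out)))
        print("  attribute intact:", attribute_is_intact(out))
```

The hyphen survives the allow-list because this assumed field requires it; every other character from the list is dropped without having to be enumerated.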
