By jrandol
via eng.genius.com
Published: Jul 31 2010 / 06:53
Some time ago, Genius Engineering decided to unify the manner in which we encode values that contain user input. We previously depended upon the PHP built-in htmlentities() and some simple wrappers around it for our encoding needs, but this function alone can’t safely sanitize tainted data in all contexts. Furthermore, we didn’t have a unified vision of whether encoding should happen immediately upon receipt of data from the user or when we display that data to the user.
-
Q&A series - Java DataStructures
-
InfoQ: Hybrid SQL-NoSQL Databases Are Gaining Ground
-
RubyInstaller for Windows: The easy way to install Ruby on Windows
-
The Potential Ramifications of Platform-Based Vulnerabilities on Cloud Computing
-
Linux Command Line tips that every Linux user should know.
-
Chrome 18 beta enables 3D content for older GPUs via SwiftShader
Add your comment
