sanitization

I have a page that is supposed to display a larger version of an image when hovered over a thumbnail. I have a 'div' with an ID and the JQuery code is as following: $(document).ready(function(){ $('img').hover(function() { var src = $("#im" + this.id).attr("src"); $('#viewlarge').css('backgroundImage','url(' + src +')'); return false; }); }); The images I use, are generated by a Ruby script that "generate" an image with a similar, yet different id. However, sometimes, photo's are uploaded that have "spaces" inside. My developer tools tell me that the background-image is not set correctly, yet

I'm generating some sql insert statements from a bunch of text files. These text files are generally user input data. I would like to sanitize this data so that it's not going to break the insert statement. For example, some of the input data, people have used the word Don't. The "'" in don't will lead the sql statement to think the string has ended and therefore cause an error. Is there any .NET method I can call to kind of convert all of these characters to either escape codes or safe characters? Don't sanitize your strings. Use parameterized queries instead, as they handle all sanitization.

My Perl program takes some text from a disk file as input, wraps it in some XML, then outputs it to STDOUT. The input is nominally UTF-8, but sometimes has junk inserted. I need to sanitize the output such that no invalid UTF-8 octets are emitted, otherwise the downstream consumer (Sphinx) will blow up. At the very least I would like to know if the data is invalid so I can avoid passing it on; ideally I could remove just the offending bytes. However, enabling all the fatalisms I can find doesn't quite get me there with perl 5.12 (FWIW, use v5.12; use warnings qw( FATAL utf8 ); is in effect). I

I am trying to render base64 string into <img src='data:image/png;base64,${Here}' . But always when I try to render it, ng2 sanitizing my base64 string before rendering it adds something into my value before showing it in DOM. I have found workaround(using DomSanitizer) but it doesn't work on latest versions. Here is my markup: <img alt="RegularImage" src="data:image/png;base64,{{imgBase64}}"> And here is my component part: imgBase64="SomeBase64StringFetchedSomehow"; But angular2 is showing in console next message - WARNING: sanitizing unsafe URL value How to prevent NG2 from sanitizing my

User equals untrustworthy. Never trust untrustworthy user's input. I get that. However, I am wondering when the best time to sanitize input is. For example, do you blindly store user input and then sanitize it whenever it is accessed/used, or do you sanitize the input immediately and then store this "cleaned" version? Maybe there are also some other approaches I haven't though of in addition to these. I am leaning more towards the first method, because any data that came from user input must still be approached cautiously, where the "cleaned" data might still unknowingly or accidentally be

I have a array, which comes from $_POST[] and can have other arrays in it as values, like: array( 'title' => 'Title', 'data' => array( 'hdr' => 'Header' 'bdy' => 'Body' ), 'foo' => array(1, 23, 65), ... ) How can I sanitize all values of this big array? for eg. apply a strip_tags() to values like Title , Header , Body , 1 , 23 , 65 etc ? Have a look at array_map <?php $a = array( 'title' => 'Title', 'data' => array( 'hdr' => 'Header', 'bdy' => 'Body' ), 'foo' => array(1, 23, 65) ); $b = array_map("strip_tags", $a); print_r($b); ?> Update for 2D array: function array_map_r( $func, $arr ) {

Greetings, I'm hoping to make my tiny program secure so that potential malicious users cannot view sensitive files on the server. $path = "/home/gsmcms/public_html/central/app/webroot/{$_GET['file']}"; if(file_exists($path)) { echo file_get_contents($path); } else { header('HTTP/1.1 404 Not Found'); } Off the top of my head I know that input such as '../../../../../../etc/passwd' would be trouble, but wondering what other malcious inputs I should expect and how to prevent them. realpath() will let you convert any path that may contain relative information into an absolute path...you can then