sanitize

问题 How do I sanitise user input in a bash script so that I can then pass it as an argument to another shell program? I want to prevent the following: INPUT="filename;rm -rf /" ls $INPUT I was thinking it should be enough to surround the user input in double quotes like so: ls "$INPUT" but what if there is a double quote in $INPUT ? Or does bash already deal with this problem? 回答1: The Short Bash already deals with that. Quoting it is sufficient. ls "$INPUT" The Long A rough guide to how the

问题 This question already has answers here : Angular HTML binding (20 answers) Closed 3 years ago . I am trying to get third-party (potentially unsafe) html content from my database and insert it into my html document. How do I safely do that (Protection against XSS) ? In Angular1.x there used to be $sce to sanitize input, how do I do that in Angular2 ? As far as I understand, Angular2 automatically sanitizes it by default, is that correct ? Something like this will not work: <div class="foo"> {

问题 I have a simple PHP mailer script that takes values from a form submitted via POST and mails them to me: <?php $to = "me@example.com"; $name = $_POST['name']; $message = $_POST['message']; $email = $_POST['email']; $body = "Person $name submitted a message: $message"; $subject = "A message has been submitted"; $headers = 'From: ' . $email; mail($to, $subject, $body, $headers); header("Location: http://example.com/thanks"); ?> How can I sanitize the input? 回答1: Sanitize the post variable with

问题 I'm looking for a way to sanitize input that I paste into the browser, is this possible to do with jQuery? I've managed to come up with this so far: $(this).live(pasteEventName, function(e) { // this is where i would like to sanitize my input return false; } Unfortunately my development has come to a screeching hold because of this "minor" issue. I would really make me a happy camper if someone could point me to the right direction. 回答1: OK, just bumped into the same issue.. I went around the

问题 This question already has answers here : Closed 7 years ago . Possible Duplicate: How do I use pdo's prepared statement for order by and limit clauses? I'm using PDO as it has been recommended as the way to go when it comes to PHP database connections. But at the same time I am a obsessed with securing my queries to make sure that my system is as safe as possible from hackers. PDO and prepared statements is a great way to go, but I have a couple of issues with it. I have a custom filtering

问题 I want to send HTML content by POST. But when fetching it and sanitizing it it also cleans the HTML characters. $Code = filter_var_array($value, FILTER_SANITIZE_STRING); WHen I send : I would like to <strong>Save this data</strong> I receive : I would like to Save this data What should I change to create a safe string? edit : In my form I have a WYSIWYG editor (FCK Editor) and it's contents is where I am after. 回答1: I have used HTMLPurifier which is a PHP filter library to sanitize HTML input

问题 I just stumbled on this neat bit of code to filter $_POST data quickly: $post=array_map("filter_data",$_POST); I've updated it to the new version (after PHP 5.2) and I've got $post=array_map("filter_var",$_POST,array(516)); // 516 == 'unsafe_raw' Now I'm paranoid; this seems too easy. So Should I not do this for all post data? (shifty nervous eyes) Is unsafe_raw the correct filter for generic post , get , or cookie data? I should add I'm just trying for a general sanitizer, mainly to remove

问题 (Working in Ubuntu and using ruby, rails, and gems.) I installed the sanitize gem (version 2.0.3). When requiring it from the code, an error is occurring: `require': no such file to load -- sanitize (LoadError) I know the gem is installed: gem list | grep sanitize returns sanitize (2.0.3) which gem returns /usr/bin/gem and which ruby returns /usr/bin/ruby So to check which gem is installed ls -l /usr/bin/gem* returns lrwxrwxrwx 1 root root 15 2011-12-06 18:37 /usr/bin/gem -> /usr/bin/gem1.8

问题 I'm building an application that has a HTML GUI interface to create, move and edit boxes ( div ) inside a container div . These boxes get assigned inline styles when editing, these inline styles are saved to the database and are output in the views: <%= sanitize raw(@slide.content) %> I want to sanitize the HTML itself, to avoid someone hacking in, for instance, a script tag, through sending that by editing what's sent to the server when the boxes are saved. Rails 4 has a helper method

问题 I need to allow inline "style=position: absolute;" output by sanitize(post.content) . I found documentation for Rails 4 that said config.action_view.sanitized_allowed_css_properties = ['position'] in application.rb would add properties to the whitelist, but I can't find documentation whether this is still the case for Rails 5 and it doesn't appear to be working after restarting the server multiple times. Is there a way to easily add whitelisted css properties? This answer for Rails 4 suggests