Hypothesis

8 Matching Annotations

Oct 2020
github.com github.com

choojs/nanohtml

1
1. TylerRick 14 Oct 2020
  
  in Public
  
  By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw for to interpolate HTML directly.
  
  escaping (encoding) security: sanitizing input interpolating without escaping (using raw unescaped value) when to use
Visit annotations in context

Tags

security: sanitizing input

escaping (encoding)

when to use

interpolating without escaping (using raw unescaped value)

Annotators

TylerRick

URL

github.com/choojs/nanohtml
www.onwebsecurity.com www.onwebsecurity.com

Properly encoding and escaping for the web | On Web Security

2
1. TylerRick 14 Oct 2020
  
  in Public
  
  Yet it can be deceivingly difficult to properly encode (user) input
  
  They were talking about output encoding but then switched to input encoding? Did they really mean to say input encoding here?
  
  input encoding output encoding what does this actually mean? is this the right word?
2. TylerRick 14 Oct 2020
  
  in Public
  
  When processing untrusted user input for (web) applications, filter the input, and encode the output.
  
  output encoding distinction security: sanitizing input
Visit annotations in context

Tags

input encoding

what does this actually mean?

output encoding

distinction

is this the right word?

security: sanitizing input

Annotators

TylerRick

URL

onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html
May 2020
docs.gitlab.com docs.gitlab.com

GitLab API | GitLab

1
1. TylerRick 28 May 2020
  
  in Public
  
  Encoding API parameters of array and hash types
  
  query string input encoding
Visit annotations in context

Tags

input encoding

query string

Annotators

TylerRick

URL

docs.gitlab.com/ee/api/
Apr 2020
security.stackexchange.com security.stackexchange.com

Input Sanitization vs Output Sanitization

3
1. TylerRick 28 Apr 2020
  
  in Public
  
  You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript
  
  security: sanitizing input output encoding better name naming: the importance of good names output encoding/escaping
2. TylerRick 28 Apr 2020
  
  in Public
  
  When you output the data, you know the use case of the data. This knowledge allows you to safely sanitize the output data accordingly.
  
  security: sanitizing input output encoding
3. TylerRick 28 Apr 2020
  
  in Public
  
  I would call this output encoding instead of sanitization
  
  security: sanitizing input output encoding naming: the importance of good names better name
Visit annotations in context

Tags

output encoding

security: sanitizing input

naming: the importance of good names

better name

output encoding/escaping

Annotators

TylerRick

URL

security.stackexchange.com/questions/95325/input-sanitization-vs-output-sanitization
wpvip.com wpvip.com

Key Differences Between Validation and Sanitization - Enterprise WordPress hosting, support, and consulting - WordPress VIP

1
1. TylerRick 28 Apr 2020
  
  in Public
  
  1- Validation: you “validate”, ie deem valid or invalid, data at input time. For instance if asked for a zipcode user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize. 2- sanitization: you make data “sane” before storing it. For instance if you want a zipcode, you can remove any character that’s not [0-9] 3- escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…)
  
  distinction input validation security: sanitizing input output encoding output encoding/escaping
Visit annotations in context

Tags

input validation

output encoding/escaping

output encoding

security: sanitizing input

distinction

Annotators

TylerRick

URL

wpvip.com/2011/10/13/key-differences-between-validation-and-sanitization/