16 Matching Annotations
  1. Feb 2021
  2. github.com github.com
    AaronLasseigne/active_interaction
    1
    1. TylerRick 18 Feb 2021
      By default, hashes remove any keys that aren't given as nested filters. To allow all hash keys, set strip: false. In general we don't recommend doing this, but it's sometimes necessary.
      rails: strong parameters flexibility security: sanitizing input
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/AaronLasseigne/active_interaction
  3. Jan 2021
  4. atomiks.github.io atomiks.github.io
    Constructor
    1
    1. TylerRick 14 Jan 2021
      Ensure HTML strings containing user data are sanitized properly to prevent XSS attacks.
      security: sanitizing input
    Visit annotations in context

    Tags

    Annotators

    URL

    atomiks.github.io/tippyjs/v6/all-props/
  5. www.npmjs.com www.npmjs.com
    sanitize-html
    2
    1. TylerRick 12 Jan 2021
      javascript libraries security: sanitizing input
    2. TylerRick 12 Jan 2021
      Think first: why do you want to use it in the browser? Remember, servers must never trust browsers. You can't sanitize HTML for saving on the server anywhere else but on the server.
      intentional/well-considered decisions security trust whose responsibility is it? security: sanitizing input javascript: server environment vs. browser environment
    Visit annotations in context

    Tags

    Annotators

    URL

    npmjs.com/package/sanitize-html
  6. www.npmjs.com www.npmjs.com
    dompurify
    1
    1. TylerRick 12 Jan 2021
      security: sanitizing input npm package javascript libraries
    Visit annotations in context

    Tags

    Annotators

    URL

    npmjs.com/package/dompurify
  7. Oct 2020
  8. api.rubyonrails.org api.rubyonrails.org
    Untitled document
    1
    1. TylerRick 26 Oct 2020
      security: sanitizing input SQL: like SQL queries
    Visit annotations in context

    Tags

    Annotators

    URL

    api.rubyonrails.org/classes/ActiveRecord/Sanitization/ClassMethods.html
  9. github.com github.com
    choojs/nanohtml
    1
    1. TylerRick 14 Oct 2020
      By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw for to interpolate HTML directly.
      escaping (encoding) security: sanitizing input interpolating without escaping (using raw unescaped value) when to use
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/choojs/nanohtml
  10. www.onwebsecurity.com www.onwebsecurity.com
    Properly encoding and escaping for the web | On Web Security
    1
    1. TylerRick 14 Oct 2020
      When processing untrusted user input for (web) applications, filter the input, and encode the output.
      output encoding distinction security: sanitizing input
    Visit annotations in context

    Tags

    Annotators

    URL

    onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html
  11. Jun 2020
  12. docs.gitlab.com docs.gitlab.com
    GitLab Markdown | GitLab
    1
    1. TylerRick 04 Jun 2020
      See the documentation for HTML::Pipeline’s SanitizationFilter class for the list of allowed HTML tags and attributes. In addition to the default SanitizationFilter allowlist, GitLab allows span, abbr, details and summary elements.
      security: sanitizing input GitLab-Flavored Markdown
    Visit annotations in context

    Tags

    Annotators

    URL

    docs.gitlab.com/ee/user/markdown.html
  13. Apr 2020
  14. security.stackexchange.com security.stackexchange.com
    Input Sanitization vs Output Sanitization
    3
    1. TylerRick 28 Apr 2020
      You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript
      security: sanitizing input output encoding better name naming: the importance of good names output encoding/escaping
    2. TylerRick 28 Apr 2020
      When you output the data, you know the use case of the data. This knowledge allows you to safely sanitize the output data accordingly.
      security: sanitizing input output encoding
    3. TylerRick 28 Apr 2020
      I would call this output encoding instead of sanitization
      security: sanitizing input output encoding naming: the importance of good names better name
    Visit annotations in context

    Tags

    Annotators

    URL

    security.stackexchange.com/questions/95325/input-sanitization-vs-output-sanitization
  15. wpvip.com wpvip.com
    Key Differences Between Validation and Sanitization - Enterprise WordPress hosting, support, and consulting - WordPress VIP
    2
    1. TylerRick 28 Apr 2020
      1- Validation: you “validate”, ie deem valid or invalid, data at input time. For instance if asked for a zipcode user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize. 2- sanitization: you make data “sane” before storing it. For instance if you want a zipcode, you can remove any character that’s not [0-9] 3- escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…)
      distinction input validation security: sanitizing input output encoding output encoding/escaping
    2. TylerRick 28 Apr 2020
      distinction input validation security: sanitizing input
    Visit annotations in context

    Tags

    Annotators

    URL

    wpvip.com/2011/10/13/key-differences-between-validation-and-sanitization/
  16. download.oracle.com download.oracle.com
    What is input validation and sanitization?
    1
    1. TylerRick 28 Apr 2020
      What Is Input Validation and Sanitization? Validation checks if the input meets a set of criteria (such as a string contains no standalone single quotation marks). Sanitization modifies the input to ensure that it is valid (such as doubling single quotes).
      distinction input validation security: sanitizing input
    Visit annotations in context

    Tags

    Annotators

    URL

    download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_ovw3.htm
  17. guides.rubyonrails.org guides.rubyonrails.org
    Ruby on Rails Security Guide — Ruby on Rails Guides
    1
    1. TylerRick 28 Apr 2020
      When sanitizing, protecting or verifying something, prefer whitelists over blacklists.
      security: sanitizing input whitelists blacklists good policy/practice/procedure
    Visit annotations in context

    Tags

    Annotators

    URL

    guides.rubyonrails.org/v5.0/security.html