
http://www.jslint.com states that it does not allow not character sets `[^foob]` because of security issues. (I choose not to select the ignore option.)

What is an example of how this could be a security issue?

  • ...does not answer the question of why it is a security issue ...`I choose not to select the ignore option` –  Apr 10 '13 at 23:19
  • It does. "The issue is with Unicode characters, you're allowing pretty much anything in there and there's potential for security issues, or validation bypassing issues. Instead of disallowing something (which can be bypassed), allow only what characters are valid." It's simple: whitelisting covers more bases than trying to blacklist everything. – Alex W Apr 10 '13 at 23:20
  • As AlexW mentioned, fully read the answer to that question. If you're not using regex for validation or if your validation code does not contain the `[^..]` pattern then there is no security issue. – slebetman Apr 11 '13 at 01:29
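
An added example, not part of the original question or comments, of the point the comments make: a validator built on a negated class `[^...]` accepts every character it does not list, while an allow-list accepts only what it names. The function names, patterns and sample inputs are constructed for illustration.

```javascript
// Deny-list style: the negated class accepts any character NOT listed,
// including newlines, control characters and every other Unicode code point.
const denyList = /^[^<>"'&]+$/;

// Allow-list style: only the characters named here are accepted.
const allowList = /^[A-Za-z0-9_-]{1,32}$/;

function isValidDeny(s) { return denyList.test(s); }
function isValidAllow(s) { return allowList.test(s); }

// Constructed sample inputs (label, value).
const samples = [
  ['plain name',               'alice_01'],
  ['ASCII angle brackets',     '<b>'],
  ['fullwidth angle brackets', '\uFF1Cb\uFF1E'],
  ['embedded newline',         'alice\nadmin'],
  ['NUL character',            'alice\u0000'],
  ['right-to-left override',   'alice\u202Etxt'],
  ['line separator U+2028',    'a\u2028b'],
];

// Run both validators over every sample. denyAfterNFKC shows what the
// deny-list decides if the same value is checked after Unicode
// compatibility normalization, which maps fullwidth forms to ASCII.
function compare() {
  return samples.map(([label, value]) => ({
    label,
    deny: isValidDeny(value),
    allow: isValidAllow(value),
    denyAfterNFKC: isValidDeny(value.normalize('NFKC')),
  }));
}

for (const row of compare()) {
  console.log(row.label.padEnd(26), 'deny-list:', row.deny,
              'allow-list:', row.allow);
}
```

Only the first sample passes the allow-list; the deny-list passes everything except the one input that contains its listed ASCII characters, and it changes its mind about the fullwidth input once that value is normalized.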
