
I have implemented a filter which scans all the request parameters through a regular expression blacklist and blocks the request if any of the following characters are found in the request:

'<>?:;

It is satisfying the security aspects perfectly but disrupting the functional aspect. Suppose a user can enter all these characters in a textbox and can also submit the form.

But because of the filter it is considered a security threat and redirected to the error page.

Is it good to send the request encoded in Unicode? If so, how do I encode or decode it?

Ankit Duggal
  • Just to understand - in which scenario would a normal user pass `<>?:;` (blacklisted characters) in the request parameter? Aren't you making a security hole in the application? – SK. Jul 11 '15 at 11:07
  • Suppose there is a text area in which the user can write: <1> abc <2> bcd. My filter will block this request as an XSS threat, which it should not according to the functionality. – Ankit Duggal Jul 13 '15 at 07:58
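
The following is an added example, not code from the question author. It models the blacklist filter described above in Python (the original is a servlet-style request filter; the regex here is an assumption built from the listed characters), feeds it the `<1> abc <2> bcd` text from the comments, shows that percent-encoding the parameter for transport does not change what the application sees after decoding, and contrasts that with escaping the value at output time, which keeps the stored text intact while making it safe to render in an HTML body.

```python
import html
import re
from urllib.parse import quote, unquote

# Blacklist from the question: the characters ' < > ? : ;
BLACKLIST_RE = re.compile(r"['<>?:;]")

# Constructed sample input: the text quoted in the comment thread.
SAMPLE_TEXT = "<1> abc <2> bcd"


def blacklist_filter_rejects(params: dict) -> bool:
    """Stand-in for the request filter in the question: True if any
    parameter value contains a blacklisted character, i.e. the request
    would be redirected to the error page."""
    return any(BLACKLIST_RE.search(v) is not None for v in params.values())


def encode_for_transport(value: str) -> str:
    """Percent-encode a parameter value the way a browser does for a form
    submission (Unicode characters are UTF-8 encoded, then percent-escaped)."""
    return quote(value, safe="")


def server_side_value(encoded: str) -> str:
    """What the application sees once the container has decoded the
    parameter: the original characters are back, so a filter that runs on
    decoded parameters rejects exactly the same input."""
    return unquote(encoded)


def render_in_html_body(value: str) -> str:
    """Contextual output encoding: escape the value at the point where it is
    written into an HTML text node or attribute. Nothing is stripped from the
    stored value, so the user keeps their '<1> abc <2> bcd' verbatim."""
    return html.escape(value, quote=True)


def contains_raw_markup(rendered: str) -> bool:
    """True if a character that could open a tag or break out of a quoted
    attribute survived encoding (useful as a unit-test check on templates)."""
    return re.search(r"""[<>"']""", rendered) is not None


if __name__ == "__main__":
    params = {"comment": SAMPLE_TEXT}
    print("blacklist rejects legitimate text:", blacklist_filter_rejects(params))
    wire = encode_for_transport(SAMPLE_TEXT)
    print("on the wire:", wire)
    decoded = server_side_value(wire)
    print("after decoding, blacklist still rejects:",
          blacklist_filter_rejects({"comment": decoded}))
    print("rendered safely:", render_in_html_body(SAMPLE_TEXT))
```

The point the example makes: encoding the request for transport is not a fix, because the server decodes it back to the same characters before the filter runs (and a filter that runs before decoding would be checking a different string than the one the application uses). Rejecting by character blacklist forces a choice between functionality and safety; escaping at output time, in the context the value lands in, removes that trade-off, which is why the usual advice is to validate input for what the field is supposed to contain and encode on output.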

0 Answers