Naming Torrents (image, files.catbox.moe)
retiolus@lemmy.cat to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com · English · 10 months ago
Alien Nathan Edward@lemm.ee · English · 10 months ago (edited)
You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
WarmApplePieShrek@lemmy.dbzer0.com · English · 10 months ago
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.