Questions tagged [sanitization]

Data sanitization to prevent code injection

Data sanitization is used to prevent code injection problems through secure input and output handling, such as:

  1. Input validation
  2. Selective input inclusion/exclusion
  3. Escaping dangerous characters. For instance, in PHP, using the htmlspecialchars() function (converts HTML tags to their ISO-8859-1 equivalents) and/or strip_tags() function (completely removes HTML tags) for safe output of text in HTML, and mysql_real_escape_string() to isolate data which will be included in an SQL request, to protect against SQL Injection.
  4. Input encoding
  5. Output encoding
  6. Other coding practices which are not prone to code injection vulnerabilities, such as "parameterized SQL queries" (also known as "prepared statements" and sometimes "bound variables" or "bound values").
  7. Modular shell disassociation from kernel
1083 questions
45 votes, 9 answers

What is a good method to sanitize the whole $_POST array in PHP?

I have a form with a lot of variables which is then sending an email, rather than sanitizing each $_POST value with filter_var($_POST['var'], FILTER_SANITIZE_STRING); I was after a more simple piece of code. I came up with the below, which seems to…
SirG
43 votes, 5 answers

How can I sanitize my input values in Node.js?

I validated my Node.js inputs so that they won't be empty, but I want to sanitize them too. Please help me with how I can do this. req.checkBody('name', 'Name is required!').notEmpty(); req.checkBody('surname', 'Surname is…
V.Aleksanyan
43 votes, 5 answers

How can I protect against SQL injection attacks using Perl's DBI?

Is there a function I can use in Perl to sanitize input before putting it into a MySQL db? I don't know regex very well, so before I make my own function I was wondering if there was already one made.
cskwrd
40 votes, 5 answers

How to sanitize HTML code in Java to prevent XSS attacks?

I'm looking for a class/util etc. to sanitize HTML code, i.e. remove dangerous tags, attributes and values to avoid XSS and similar attacks. I get HTML code from a rich text editor (e.g. TinyMCE) but it can be sent a malicious way around, omitting TinyMCE…
WildWezyr
39 votes, 2 answers

How do I convert a string into safe SQL String?

I'm generating some SQL insert statements from a bunch of text files. These text files are generally user input data. I would like to sanitize this data so that it's not going to break the insert statement. For example, some of the input data,…
Diskdrive
39 votes, 2 answers

Best way to go about sanitizing user input in rails

I've read a lot about this and know there are many related questions on here, but I couldn't find a definitive guide for how to go about sanitizing everything. One option is to sanitize on insert, for example I have the following in my…
Dave
38 votes, 13 answers

Detecting a (naughty or nice) URL or link in a text string

How can I detect (with regular expressions or heuristics) a web site link in a string of text such as a comment? The purpose is to prevent spam. HTML is stripped so I need to detect invitations to copy-and-paste. It should not be economical for a…
JasonSmith
38 votes, 3 answers

Sanitizing HTML in submitted form data

Is there a generic "form sanitizer" that I can use to ensure all HTML/scripting is stripped off the submitted form? form.clean() doesn't seem to do any of that: HTML tags are all still in cleaned_data. Or actually doing this all manually (and…
abolotnov
36 votes, 2 answers

Input sanitization in ReactJS

I am using ReactJS to develop a simple chat application. Could someone help me to sanitize the input? There is only one input text box to send chat messages. How do I sanitize it?
Shamnad P S
36 votes, 2 answers

Is sanitizing JSON necessary?

I think it's a well-known best practice on the web to mistrust any input. The sentence "All input is evil." is probably the most cited quote with respect to input validation. Now, for HTML you can use tools such as DOMPurify to sanitize it. My…
Golo Roden
35 votes, 5 answers

What can I use to sanitize received HTML while retaining basic formatting?

This is a common problem, I'm hoping it's been thoroughly solved for me. In a system I'm doing for a client, we want to accept HTML from untrusted sources (HTML-formatted email and also HTML files), sanitize it so it doesn't have any scripting,…
T.J. Crowder
34 votes, 5 answers

Sanitizing user's data in GET by PHP

How do you sanitize data in $_GET variables in PHP? I sanitize only one variable in GET with strip_tags. I am not sure whether I should sanitize everything or not, because last time, in putting data into Postgres, the problem was most easily solved by…
Léo Léopold Hertz 준영
31 votes, 9 answers

Sanitize file path in PHP

I'm hoping to make my tiny program secure so that potential malicious users cannot view sensitive files on the server. $path = "/home/gsmcms/public_html/central/app/webroot/{$_GET['file']}"; if(file_exists($path)) { echo…
SeanDowney
30 votes, 8 answers

How can I sanitize a string for use as a filename?

I've got a routine that converts a file into a different format and saves it. The original datafiles were numbered, but my routine gives the output a filename based on an internal name found in the original. I tried to batch-run it on a whole…
Mason Wheeler
30 votes, 2 answers

Best practice for allowing Markdown in Python, while preventing XSS attacks?

I need to let users enter Markdown content to my web app, which has a Python back end. I don’t want to needlessly restrict their entries (e.g. by not allowing any HTML, which goes against the spirit and spec of Markdown), but obviously I need to…
Alan H.