Null character inside tag
Old bug is more expensive than new two?
Made for myself an interesting discovery, it turns out to be a line
')
IE interprets as a normal bold tag with all the consequences, the same goes for the <script> <style> tags and others.
This in turn means that deleting potentially dangerous elements using
The same applies to filtering by white lists, which simply may not count the sequence
Fortunately, Firefox, Opera and Safari do not think so. Developers, be careful when filtering user data!
Made for myself an interesting discovery, it turns out to be a line
<\0b>text</b> - where \ 0 is a character with code 0')
IE interprets as a normal bold tag with all the consequences, the same goes for the <script> <style> tags and others.
This in turn means that deleting potentially dangerous elements using
str_replace, preg_replace (PHP), s / <script /.../ i (Perl, sed) and other replace () functions for other languages will not give the desired results.The same applies to filtering by white lists, which simply may not count the sequence
<\0b>text</b> tag.Fortunately, Firefox, Opera and Safari do not think so. Developers, be careful when filtering user data!
Source: https://habr.com/ru/post/57562/
All Articles