V5.1.6 - should escaping really be under input validation? #578

Closed
securitybits opened this issue Feb 26, 2019 · 2 comments

@securitybits

Verify that unstructured data is sanitized to enforce safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. names with Unicode or apostrophes, such as ねこ or O'Hara).

The second part of this sentence (or perhaps all of it) might fit better under 5.3 Input Sanitization and Output Encoding Requirements.

@elarlang
Collaborator

Related issue, reorganising V5 subcategories #523

@vanderaj vanderaj added this to the 4.0 milestone Feb 26, 2019
@vanderaj vanderaj added the QA label Feb 26, 2019
@vanderaj vanderaj self-assigned this Feb 26, 2019
@vanderaj
Member

Divided last part into 5.3.1, as it was all about CWE 116. No point in having a new item.
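
An added illustration of the split this thread settles on, not code from the thread or from ASVS: input validation (allowed characters, length) accepts ねこ and O'Hara unchanged, and escaping is applied separately for each output context (CWE-116). The 64-character limit, the allowed punctuation set and the function names are assumptions made for the example.

```python
import html
import sqlite3
import unicodedata

MAX_NAME_LEN = 64  # assumed limit for this example, not taken from ASVS


def validate_name(raw: str) -> str:
    """Input validation only: normalise, then enforce length and allowed characters.

    Nothing is escaped here, so the stored value stays exactly what the user typed.
    """
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValueError("name length out of range")
    for ch in name:
        category = unicodedata.category(ch)
        # Letters and combining marks from any script, plus assumed name punctuation.
        if not (category[0] in "LM" or ch in " '-."):
            raise ValueError(f"character not allowed: {ch!r}")
    return name


def render_greeting(name: str) -> str:
    """Output encoding for the HTML context: escape at the point of use."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def store_and_fetch(name: str) -> str:
    """SQL context: a bound parameter carries the apostrophe, no manual escaping."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE users (name TEXT)")
        conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
        row = conn.execute(
            "SELECT name FROM users WHERE name = ?", (name,)
        ).fetchone()
        return row[0]
    finally:
        conn.close()


if __name__ == "__main__":
    for sample in ("ねこ", "O'Hara"):  # the two names quoted in the requirement
        clean = validate_name(sample)
        print(clean, "|", render_greeting(clean), "|", store_and_fetch(clean))
```
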
