Oh, and by the way: can we make “thou shalt not sanitize HTML with regexps” a thing? It seems that not everybody heard that yet…


@WPalant You *can* do it correctly. Or is your point that you can but shouldn't, because it's easy to get wrong?

@varx Quite frankly: it’s extremely rare that this is done correctly.

@WPalant True, although it also depends on what kind of sanitization you want.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.