Oh, and by the way: can we make “thou shalt not sanitize HTML with regexps” a thing? It seems that not everybody heard that yet… #infosec #security #XSS
@WPalant You *can* do it correctly. Or is your point that you can but shouldn't, because it's easy to get wrong?
@varx Quite frankly: it’s extremely rare that this is done correctly.
@WPalant True, although it also depends on what kind of sanitization you want.
A Mastodon instance for info/cyber security-minded people.
@WPalant You *can* do it correctly. Or is your point that you can but shouldn't, because it's easy to get wrong?