Sanitize file path in PHP
realpath() will let you convert any path that may contain relative information into an absolute path…you can then ensure that path is under a certain subdirectory that you want to allow downloads from.
sanitization
Angular 2 disable sanitize
You need to explicitly tell Angular2 that the string is trusted https://angular.io/docs/ts/latest/api/platform-browser/index/DomSanitizer-class.html constructor(private sanitizer:DomSanitizer) {} get imgBase64() { this.sanitizer.bypassSecurityTrustUrl(‘data:image/png;base64,$SomeBase64StringFetchedSomehow’); } <img alt=”RegularImage” [src]=”imgBase64″> See also In RC.1 some styles can’t be added using binding syntax
CSS and JQuery: spaces inside image name break code of url()
Spaces are not valid in a URI. They need to be encoded to %20. You could src.replace(/ /g, ‘%20′), or more generally, encodeURI(src) to %-encode all characters that aren’t valid in a URI. encodeURIComponent(src) is more common, but it would only work if the src was just a single relative filename; otherwise, it’d encode / … Read more
what is a good method to sanitize the whole $_POST array in php? [duplicate]
Just use filter_input_array() from the filter extension. /* prevent XSS. */ $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING); $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING); This will sanitize your $_GET and $_POST.
How do I convert a string into safe SQL String?
There is only a single character you have to escape: ansi 0x27, aka the single quote: safeString = unsafeString.Replace(“‘”,”””);
Remove all non-numeric characters from a string; [^0-9] doesn’t match as expected
Try this: preg_replace(‘/[^0-9]/’, ”, ‘604-619-5135’); preg_replace uses PCREs which generally start and end with a /.
Sanitizing HTML input
You will have to decide between good and lightweight. The recommended choice is ‘HTMLPurifier’, because it provide no-fuss secure defaults. As faster alternative it is often advised to use ‘htmLawed‘. See also this quite objective overview from the HTMLPurifier author: http://htmlpurifier.org/comparison
When is it best to sanitize user input?
Unfortunately, almost no one of the participants ever clearly understands what are they talking about. Literally. Only Kibbee managed to make it straight. This topic is all about sanitization. But the truth is, such a thing like wide-termed “general purpose sanitization” everyone is so eager to talk about is just doesn’t exist. There are a … Read more
Sanitize table/column name in Dynamic SQL in .NET? (Prevent SQL injection attacks)
I’m not sure if you’re still looking into this, but the DbCommandBuilder class provides a method QuoteIdentifier for this purpose. The main benefits of this are that it’s database-independent and doesn’t involve any RegEx mess. As of .NET 4.5, you have everything you need to sanitize table and column names just using your DbConnection object: … Read more
Dealing with line Breaks on contentEditable DIV
This technique appears to avoid the Chrome bug that does show BRs the first time (with the code you mentionned you need to push two times the Enter key). It’s not a perfect hack but it works: it adds a whitespace after your BR so it show properly. However, you will see that adding only … Read more