
User Input Sanitise

For OS-level interaction, best practice is to always evaluate the need to sanitize the following character sequences:

 
;	#Sequential execution (UNIX*)
&	#Sequential execution (Win.), logical AND if duplicate
..	#Path traversal (NOT single ".")
&&	#Logical AND operation (can be replaced by single "&")
||	#Logical OR operation (can be replaced by single "|")
$(	#Command substitution (can be replaced by single "$")
`	#Command substitution
/	#Path expression
\	#Character escaping, Path expression, special char replacement (NL)
%	#Environment subshell expansion, CGI NUL char %00
$	#Environment subshell expansion
|	#Output pipelines, logical OR if duplicate
>	#Output redirection
"	#Quoted encapsulation
'	#Quoted encapsulation
<	#Input redirection, Bracket enclosure
*	#Wildcard expansion
=	#Environment modification
[	#Bracket enclosure
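
The list above turned into a reject-by-default check, as an added example that is not part of the original page. The function names `find_risky_sequences` and `require_clean` are hypothetical, and the sample inputs in the test are constructed.

```python
# Added example: sequences and meanings are taken from the list above.
# Multi-character entries (&&, ||, $() are covered by their single-character
# forms (&, |, $), as the list itself notes.
RISKY = {
    ";": "sequential execution (UNIX)",
    "&": "sequential execution (Win.) / logical AND",
    "..": "path traversal",
    "$": "command substitution / environment expansion",
    "`": "command substitution",
    "/": "path expression",
    "\\": "escaping / path expression",
    "%": "environment expansion / CGI NUL %00",
    "|": "pipeline / logical OR",
    ">": "output redirection",
    "<": "input redirection / bracket enclosure",
    '"': "quoted encapsulation",
    "'": "quoted encapsulation",
    "*": "wildcard expansion",
    "=": "environment modification",
    "[": "bracket enclosure",
}


def find_risky_sequences(value):
    """Return (offset, sequence, meaning) for every listed sequence in value."""
    hits = []
    i = 0
    while i < len(value):
        # Check the two-character ".." first so a single "." is never flagged.
        if value.startswith("..", i):
            hits.append((i, "..", RISKY[".."]))
            i += 2
            continue
        ch = value[i]
        if ch in RISKY:
            hits.append((i, ch, RISKY[ch]))
        i += 1
    return hits


def require_clean(value):
    """Reject-by-default gate (hypothetical helper) for OS-bound input."""
    hits = find_risky_sequences(value)
    if hits:
        found = ", ".join(f"{seq!r}@{off}" for off, seq, _ in hits)
        raise ValueError(f"rejected input, contains: {found}")
    return value
```

Rejecting the whole value, rather than stripping matches, avoids a filtered string reassembling into one of the listed sequences.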
Page last modified on May 27, 2015, at 03:29 AM