cmccully Posted September 13, 2010 Share Posted September 13, 2010 Hi All, I am building an input filter and using the white list approach. I am going to allow only the following characters: a-z A-Z 0-9 . - _ @ ' # ~ space I realize that the email specification allows for other characters however I am worried about what a bad guy may be able to do if I allow every character included in the specification. Are there other characters I should allow? Any of these I should exclude? Also, any thoughts on stripping out illegal characters versus rejecting the input? I am a bit concerned about re-displaying the offensive string in the web browser to allow the user a chance of correcting it. Am I being too paranoid? Any help or comments are appreciated. Thanks! cmccully Quote Link to comment https://forums.phpfreaks.com/topic/213309-input-filtering-white-list/ Share on other sites More sharing options...
plznty Posted September 14, 2010 Share Posted September 14, 2010 You can never be too paranoid unless your government security. About the input of "bad guys" wouldn't this be resolved with an escape string? Quote Link to comment https://forums.phpfreaks.com/topic/213309-input-filtering-white-list/#findComment-1111082 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.