ricmetal Posted August 11, 2011

I'm dealing with security measures to avoid XSS and I wanted to organize my thoughts on what I was doing. So I started to write an easy way to follow every step I needed to do to correctly secure and display data. So I came up with this story-like explanation and I thought I'd share it. In the meanwhile I forget what the trouble I was having was. Here is my essay anyway.

Once, there was an ampersand in an HTML Form on a webpage, waiting to travel to another webpage, through a POST Request, in a URI. He was in luck because he was on an AJAX based Form, so he would be traveling through the website faster than usual. In order to travel safely from one webpage to another, the ampersand was wrapped in a capsule called an encodeURIComponent capsule before boarding the URI, which demoleculerized him into his URL encoded counterpart. This was a common safety feature used in the ampersand world to ensure a safe stay in the URI, a safe travel through the POST Request and a successful arrival at his first stop: the PDO dock.

Along the journey and after a few bumps along the way, the ampersand realized that he was traveling third class. He realized he had entered an HTML Form on an Internet Explorer 6 Browser! (That was easy to throw in here.)

Continuing his hasty journey, he soon arrived at his first stop, the PDO dock, where the demoleculerized ampersand was automatically transferred from the POST Request and Prepared to travel first class, because as of now, the PDO did not run under the Browser administration anymore! So, the ampersand was automatically transferred from the URI to the first class lane, the Prepared Statement lane. This lane did not travel at the speed which the ampersand experienced in the Form, but it was a good way to travel, because it provided all the safety the ampersand needed, and although the ampersand could have been remoleculerized and still experienced this safe travel through the Prepared Statement lane, it would only have slowed his journey down. He was a smart demoleculerized ampersand. He knew that he would be automatically remoleculerized at his next stop: the Database! So his transfer was made and the continuation of his travel was Executed.

This part of the journey was the part with more views, open space and things to see. The Server was indeed full of things he could stare at for hours at a time. The htaccess. The numerous configurations. In all, a relaxing route for the ampersand, as none of the realities he was viewing were his concern.

Alas, the Database, an international place. A far away place run by a democratically voted king, the UTF-8! The ampersand was immediately reminded of his German friend, Umlaut, and how he had come here in tranquility, without the fear of being ignored, or even remoleculerized into something else! Unknowingly, the ampersand was now remoleculerized again and was observing the database realm from his Field in a Column of the Database, awaiting his next departure. Although excited about completing his journey, the ampersand felt a little nervous, knowing he would soon, at User request, leave this well fortified and secured location and travel again through less secure places. What awaited him? Would he have to make his way through third class Browsers again? This was all very intimidating for the ampersand. But wait. He was immediately reminded of a book that every Field in Databases has in the night table's first drawer, near the bed. The W3C Standards! Yes, he was a safe and happy ampersand again, and this guide would come in handy. He knew how he could use the guide's information and indirectly tell the User whether he traveled safely or not! All was well again.

Before he could concentrate on observing the outside of his Field again, the ampersand found himself speeding through the Database's Column with other Characters he knew not! Some of these characters were so wrapped together they looked like something else. It was a disturbing sight for the ampersand but soon he had forgotten all about it because he was now being demoleculerized again. Although painless, it was somewhat of an emotionally disturbing experience which led him to a personality disorder, thus taking all his concentrating power to deal with his actual predicament. But the ampersand knew his demoleculerizer, and although he used the same demolecule methods as encodeURIComponent, the ampersand trusted him more than his coworker, encodeURIComponent, which sometimes was switched off and entered strike periods! No, this demoleculerizer was a straight guy. Once hired, he'd never go on strike! He was the rawurlencode.

So again, our ampersand was traveling safely. He left the Database behind and found himself on the Prepared Statement lane again, soon to be automatically transferred from this secure lane to the less secure, Browser Administrated, AJAX request based, POST Request based, URI transport, at the PDO dock. He had been travelling slowly but it seemed like a fast connection to him either way. But still, he knew that the end of his travel would be a faster one, with the well known and accepted AJAX speeds, and his only concern was his safety. So, at the PDO dock, he was again remoleculerized to his normal self, but this trip was somewhat different, as he was about to discover. The ampersand was to be demoleculerized again but with a different method. The ampersand was now demoleculerized by a Third Party entity called the jQuery Encoder Plugin which transformed him into his HTML entity counterpart. But the ampersand felt good. He knew he could now show up at his destination as his own self.
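The ampersand's journey from the post above, as an added JavaScript example that is not part of the original post: the server-side stages (PHP's automatic $_POST decoding and the PDO prepared statement) are simulated with plain functions and an in-memory Map, and the output step uses a small hand-written HTML entity encoder in place of the jQuery Encoder Plugin. All function names (encodeForTransport, decodeTransport, storeWithPreparedStatement, htmlEncode, roundTrip) are assumptions made for this example.

```javascript
// Added example (not from the original post): one value's trip from form to page.

// Stage 1, client side: encodeURIComponent "demoleculerizes" each field so an
// ampersand inside the value cannot be confused with the '&' that separates fields.
function encodeForTransport(fields) {
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Stage 2, server side: the body is decoded back into the original characters.
// PHP does this automatically when it builds $_POST; simulated here.
function decodeTransport(body) {
  const out = {};
  for (const pair of body.split("&")) {
    const [k, v = ""] = pair.split("=");
    out[decodeURIComponent(k)] = decodeURIComponent(v.replace(/\+/g, " "));
  }
  return out;
}

// Stage 3, storage: a prepared statement binds the value as data, so it is stored
// verbatim with no SQL escaping applied. Simulated with an in-memory Map.
const db = new Map();
function storeWithPreparedStatement(id, value) {
  db.set(id, value);
}

// Stage 4, output: a value leaving the database for an HTML body context is
// entity-encoded. This step, not the transport encoding, is what prevents XSS.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Walks a constructed comment through all four stages and returns each form.
function roundTrip(rawComment) {
  const wire = encodeForTransport({ comment: rawComment });
  const posted = decodeTransport(wire);
  storeWithPreparedStatement("c1", posted.comment);
  const rendered = "<p>" + htmlEncode(db.get("c1")) + "</p>";
  return { wire, stored: db.get("c1"), rendered };
}
```

Calling roundTrip("Tom & Jerry <b>") shows the value percent-encoded on the wire, stored exactly as typed, and entity-encoded only at render time.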