Thu 27 Feb 2020

Don’t try to sanitize input

Every so often developers talk about “sanitizing user input” to prevent cross-site scripting attacks. This is well-intentioned, but leads to a false sense of security, and sometimes mangles perfectly good input.

Source: “Don’t try to sanitize input. Escape output.”, an article by Ben Hoyt.
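To make the quoted point concrete, here is an added example; it is not code from the linked article or from Ben Hoyt. The `sanitize_input` filter, the template, and both sample inputs are hypothetical and constructed for illustration. It shows an input filter mangling a harmless comment while still letting a value change the markup in an attribute, and contrasts that with escaping at output time.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs (not from the article).
COMMENT = 'if a < b and b > c then a < c -- "Smith & Sons"'
NICKNAME = 'x" data-injected="1'  # contains no angle brackets at all

def sanitize_input(value):
    """Hypothetical input 'sanitizer': drop tag-like runs and stray brackets."""
    value = re.sub(r"<[^>]*>", "", value)
    return value.replace("<", "").replace(">", "")

def render_sanitized(comment, nickname):
    """Sanitize on the way in, then interpolate raw into the template."""
    return f'<p title="{sanitize_input(nickname)}">{sanitize_input(comment)}</p>'

def render_escaped(comment, nickname):
    """Keep the input as typed; escape for the HTML context at output time."""
    return (f'<p title="{html.escape(nickname, quote=True)}">'
            f'{html.escape(comment)}</p>')

class _Inspector(HTMLParser):
    """Collects attributes and text the way an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.attrs.extend(attrs)
    def handle_data(self, data):
        self.text.append(data)

def parse_back(markup):
    """Parse rendered markup; return (attribute dict, visible text)."""
    parser = _Inspector()
    parser.feed(markup)
    parser.close()
    return dict(parser.attrs), "".join(parser.text)

if __name__ == "__main__":
    for render in (render_sanitized, render_escaped):
        print(render.__name__, parse_back(render(COMMENT, NICKNAME)))
```

Parsing the output back shows the difference: the sanitized render loses part of the comment and gains an extra attribute, while the escaped render round-trips both values exactly.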