sanitization

Events happening in the community are now at Drupal community events on www.drupal.org.

Let's implement the sanitization bazooka: Autosanitization

Posted by geek-merlin on September 18, 2012 at 1:09pm

Abstract

Wrong sanitization of user supplied strings, resulting in CSRF security issues, accounts for the vast majority of security announcements. Autosanitization (exactly: proper context stack aware autosanitization) would be the bazooka to end this once and for all. It is in reach und would be a unique feature among notable open source frameworks. The implementation requirements are described. Research is needed as of the D8 core requirements necessary to implement this in contrib land.

Anatomy of a sanitization issue

Consider a node title that is rendered like this:

Read more
Subscribe with RSS Syndicate content

AltStyle によって変換されたページ (->オリジナル) /