
> escape data to prevent it from being interpreted as code

What about too much data? Overflow is a concern, too. Escaping is just one solution, so I shot for the more general rule.




> What about too much data? Overflow is a concern

Buffers are not supposed to overflow with trusted data either, so again, security is a subset of correctness. "Not trusting" data only prevents an exploit from reaching vulnerable code; it doesn't fix the vulnerability.

Don't write web applications in C? ;)



