• What are you working on? January 2012
I guess; I'll change it to escape by default then.
[QUOTE=swift and shift;34385243]If you need to output HTML, then you should have to [i]explicitly[/i] unescape it. [editline]25th January 2012[/editline] ie. it should be easier to output with escaping than without[/QUOTE] Why?
Prevent XSS. [editline]25th January 2012[/editline] Most of the time when coding, XSS exploits don't cross your mind; for example, when writing 'PrintTable' I didn't escape it until later when I saw what could've been done.
[QUOTE=Lexic;34385371]Why?[/QUOTE] Because outputting raw HTML is such a rare and dangerous task that you don't want to be doing it by default. If output is automatically escaped, that's one less thing the programmer can forget about when coding.
[QUOTE=swift and shift;34385414]If output is automatically escaped, that's one less thing the programmer can forget about when coding.[/QUOTE] The programmer shouldn't forget about escaping data when coding - that's the total opposite of what they should be doing. If the write function escapes everything, then it becomes commonplace for the developer to treat safe and unsafe data the same; this would potentially result in an event where the developer combines safe and unsafe data and unescapes them together, treating them both as safe. I avoid such accidents by escaping unsafe data when it is merged with safe data (basically: as late as possible). For example, you may have a user details page that is automatically generated from various database entries.
[lua]
details_html = [[<div class='user_detail_list'>]]
for label, value in pairs(user.data) do
    details_html = (
        details_html .. [[<div class='user_detail'>]]
        .. [[<span class='user_detail_label'>]] .. label .. [[</span>]]
        .. [[&nbsp;]] .. value   -- value goes in raw: whatever is in user.data lands in the markup as-is
        .. [[</div>]]
    )
end
write_noescape(details_html) -- cause we need formatting, right?
[/lua]
All good... unless a value in user.data is unsafe. This particular example doesn't show how easily the mistake can be made; in large projects, there would be plenty of unnoticed XSS vulnerabilities if you were to follow this methodology. Instead, it should be like this:
[lua]
details_html = [[<div class='user_detail_list'>]]
for label, value in pairs(user.data) do
    details_html = (
        details_html .. [[<div class='user_detail'>]]
        .. [[<span class='user_detail_label'>]] .. label .. [[</span>]]
        .. [[&nbsp;]] .. EscapeHTML(value)   -- escaped at the point where untrusted data meets trusted markup
        .. [[</div>]]
    )
end
write(details_html)
[/lua]
Unless user.data is a conglomerate of trusted and untrusted data; in this case, the untrusted data should be escaped as it is inserted into user.data.
I wrote a great big post and android fucking deleted it and doesn't have an undo. Fuck. Basic gist: write should write and nothing else. Have an escapedWrite function if you can't handle your own data, but webservers output webpages, not text. Not being able to output HTML defeats this.
[QUOTE=Deco Da Man;34385633]The programmer shouldn't forget about escaping data when coding - that's the total opposite of what they should be doing. If the write function escapes everything, then it becomes common place for the developer to treat safe and unsafe data the same; this would potentially result in an event where the developer combines safe and unsafe data and unescapes them together, treating them both as safe.[/quote] I can count on one hand the number of times I've had to output raw HTML. I've outputted escaped, untrusted data countless times though. It just makes sense to have output automatically escaped. It'd be a bit awkward in Lua, but in languages that support it - using the type system to manage safe/unsafe strings works very well to prevent you from shooting yourself in the foot when you inevitably forget to escape something somewhere. You should also [b]never, ever[/b] unescape unless you're super-duper 100% sure what you are doing. There's really no good reason to in the overwhelming majority of cases. [quote]I avoid such accidents by escaping unsafe data when it is merged with safe data (basically: as late as possible).[/quote] Right, that's how it should be done. Premature escaping is the root of all evil! [quote]All good... unless the a value in user.data is unsafe.[/quote] You really shouldn't be manually building up HTML like that. You should be using a template system. [quote]This particular example doesn't show how easily the mistake can be made; in large projects, there would be plenty of unnoticed XSS vulnerabilities if you were to follow this methodology. [/QUOTE] Go tell that to the thousands of sites out there using Rails 3, Rails 2.2 with rails_xss, ASP.NET MVC with Razor, Django, or the myriad of other frameworks that take this issue out of the developers hands.
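The escape-by-default design with a typed safe/unsafe split that the two posts above argue over, written out as an added example that is not from the thread (Python rather than the thread's Lua, in the style of the autoescaping frameworks the reply names). `SafeHTML`, `escape`, `mark_safe` and `render_user_details` are hypothetical names, and the user record is constructed to mix trusted markup with untrusted text, the "conglomerate" case from the earlier post.

```python
import html


class SafeHTML(str):
    """Marker type for markup the programmer has explicitly declared trusted.
    Concatenating anything else onto it escapes that operand first, so untrusted
    text cannot reach the output unescaped even when safe and unsafe data are mixed."""

    def __add__(self, other):
        return SafeHTML(str.__add__(self, escape(other)))

    def __radd__(self, other):
        # Python tries the subclass's reflected method first, so plain_str + SafeHTML lands here.
        return SafeHTML(str.__add__(escape(other), self))


def escape(value):
    """Escape by default; idempotent because already-safe markup is passed through untouched."""
    if isinstance(value, SafeHTML):
        return value
    return SafeHTML(html.escape(str(value), quote=True))


def mark_safe(markup):
    """The single explicit opt-out: the caller asserts this markup is trusted."""
    return SafeHTML(markup)


def render_user_details(user_data):
    """Port of the thread's Lua loop. Labels come from code; values may be either
    untrusted strings or markup already marked safe, and the type decides which gets escaped."""
    out = mark_safe("<div class='user_detail_list'>")
    for label, value in user_data.items():
        out = (out
               + mark_safe("<div class='user_detail'><span class='user_detail_label'>")
               + label
               + mark_safe("</span>&nbsp;")
               + value
               + mark_safe("</div>"))
    return out + mark_safe("</div>")


# Constructed sample record (hypothetical data): one untrusted value, one value already marked safe.
USER_DATA = {
    "Name": "Mallory <script>alert(1)</script>",
    "Role": mark_safe("<b>admin</b>"),
}

if __name__ == "__main__":
    print(render_user_details(USER_DATA))
```

Forgetting to mark a value safe costs you some rendering (it shows up as literal text); forgetting to escape is impossible, because only a `SafeHTML` ever reaches the output unchanged.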
Eh; I didn't want to derail the thread. Can we agree to disagree?
[QUOTE=COBRAa;34385906]Eh; I didn't want to derail the thread. Can we agree to disagree?[/QUOTE] no, i'm clearly right
USB tanning bed: [img]http://i.imgur.com/gB2Zt.jpg[/img]
[QUOTE=swift and shift;34383738]can you make it hook the cmd+shift+* key combinations like cloudapp does?[/QUOTE] Yep: [IMG]http://i.imgur.com/zP6rY.png[/IMG] [QUOTE=olavst;34385122]Are you using a GUI library? I want to make something similar and I can't decide between wxWidgets and Qt.[/QUOTE] Just Cocoa. :)
[QUOTE=C:\;34384982]Sorry if i'm late, but have we not all acknowledged that you're geel9 yet? It says so on the android market page.[/QUOTE] Whatever could you POSSIBLY be talking about?
[QUOTE=Sc00by22;34378305]This might interest you and some others if you are into that kind of thing: [url]http://www.youtube.com/watch?v=AUjuefLqphY[/url][/QUOTE] Reminds me of that one time I reverse engineered EVE Online's network protocol a couple of years ago. I had my C# library reconstructing the serialised objects and (python) classes at runtime via reflection. It could send arbitrary C# objects back to the server in a similar manner. It could also process the game's local cache files. (convert market data to spreadsheets, etc..) It was never for profit though; and I signed an NDA for that stuff later so I can't elaborate further.
Visual Studio 2010's build output is a bit spammy compared to 2005
don't you just hate bugs you can't reproduce? don't you just [i]love[/i] having a random "AHA!" moment that leads to a solid example that reproduces said bug? i just had one of those moments, it feels so good :v: [editline]25th January 2012[/editline] i feel like the hardest part of fixing a bug is finding a way to consistently reproduce it - once you've figured that out, it's usually pretty easy to actually fix the bug
Yeah, I'm currently stuck on a bug that I can consistently reproduce... IT ONLY OCCURS WHEN I BREAKPOINT A SPECIFIC LINE OF MY CODE. Seriously, how's that even possible :suicide:
Race conditions?
I think I messed up a bit on the lighting... [img]http://i56.tinypic.com/2qbgenn.png[/img]
[QUOTE=ROBO_DONUT;34387245]Race conditions?[/QUOTE] Quite possibly, the problem occurs with the Win32 API's ReadFile() function. I [i]think[/i] I'm using synchronously though, meaning it should be blocking until the file read operation is finished, right?
[img]http://www.gabrielecirulli.com/p/20120125-153508.png[/img] !!
Any suggestions on improvement? [img]http://i52.tinypic.com/4t3h1z.png[/img]
Not enough games have hot-seat multiplayer. [quote][img]http://i.imgur.com/IgoYy.png[/img][/quote] Boom.
[QUOTE=DrLuke;34385936]USB tanning bed: [img]http://i.imgur.com/gB2Zt.jpg[/img][/QUOTE] I see your girlfriend is working on her tan. Very nice.
I started working on a desktop application in Qt today. I couldn't decide whether to use Qt or wxWidgets, but I went for Qt because I have used it a little bit before and I found [URL="http://www.youtube.com/user/VoidRealms/videos"]this guy[/URL] on youtube. He makes a lot of good Qt tutorials. Anyway, after working for just a few hours I already have this: [IMG]http://i.imgur.com/0TtC8.png[/IMG] (Default file manager icon, can't figure out how to load resources yet.)
[QUOTE=amcfaggot;34387965]I see your girlfriend is working on her tan. Very nice.[/QUOTE] what edit: fuck I got it now you bastard!
[QUOTE=WalkDinosaur;34386688]Whatever could you POSSIBLY be talking about?[/QUOTE] Not putting anything against you, you make some good shit. Though you're cocky as fuck.
[QUOTE=C:\;34388194]Not putting anything against you, you make some good shit. though you're cocky as fuck[/QUOTE] How so?
[QUOTE=garry;34386915]Visual Studio 2010's build output is a bit spammy compared to 2005[/QUOTE] recently started using it, not really noticed it being more spammy than earlier versions but [url]http://connect.microsoft.com/VisualStudio/feedback/details/603666/custom-build-steps-do-not-run-in-visual-c-visual-studio-2010#details[/url] was very annoying before I knew how to fix it
[QUOTE=WalkDinosaur;34388367]How so?[/QUOTE] You took over development of the facepunch application for android, added a few things, then tried to sell it. That, and you're just generally cocky :v:.
[QUOTE=Chris220;34387323]Quite possibly, the problem occurs with the Win32 API's ReadFile() function. I [i]think[/i] I'm using synchronously though, meaning it should be blocking until the file read operation is finished, right?[/QUOTE] Referencing out-of-scope variables in stack memory, perhaps? If you do something like this:
[cpp]
#include <stdio.h>

char* hello() {
    char hello[] = "hello world"; // array lives in hello()'s stack frame
    return hello;                 // pointer to a frame that is gone after return: undefined behaviour
}

int main() {
    char *str = hello();
    printf("%s\n", str);          // may print "hello world", garbage, or crash, depending on what reused the stack
    return 0;
}
[/cpp]
It will actually work on some systems/compilers, even though the behavior is undefined, because there's a good chance the stack will still contain whatever was placed there last. That is, it will work until the compiler decides to emit different code, or something gets in between hello() and printf(). Breakpoints are one such change that could make everything go horribly awry.