I'm fairly ignorant of Internet Security and, seeing as I'm going to be
writing my first web app, I wanted a bit of a clarification on one point.

If input has been escaped is it strictly necessary to sanitize it (removing
html tags for example)? It strikes me that the html will not be
rendered/executed by the browser if the string has already been escaped but
merely be displayed.

The app will not take much in the way of input except for a User name or
ID, password, email address and mailing address. If displaying this
information on a settings page, is there anything more that needs to be done
to the string itself?

This also applies to search. I want to ensure no code gets injected to a DB
search. Will html.EscapeString() be adequate since it will escape the single
or double quote?
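The two contexts the question mixes (showing a stored value on an HTML page, and putting a search term into a SQL statement) need different tools, and the following Go program, added here as an illustration rather than taken from the original thread, shows both side by side. It renders a settings page with html/template, which applies context-aware escaping on output so the stored string is displayed rather than rendered; it then builds a search as a parameterized query, where the SQL text is constant and the term is passed as a bound argument. For comparison, NaiveSearchQuery shows what html.EscapeString does to a term that is concatenated into SQL: the quote becomes `&#39;`, so the database is asked for a value the user never typed. The table and column names, the Profile type and the sample inputs are constructed for this example.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"strings"
)

// Profile holds the fields the settings page displays (constructed sample type).
type Profile struct {
	Username string
	Email    string
	Address  string
}

// settingsTmpl is a hypothetical settings page. html/template escapes each
// {{...}} action for the context it appears in (HTML text, attribute, URL),
// so a stored "<b>alice</b>" is shown as literal text, not interpreted as markup.
var settingsTmpl = template.Must(template.New("settings").Parse(
	`<p>User: {{.Username}}</p>` +
		`<p>Email: <a href="mailto:{{.Email}}">{{.Email}}</a></p>` +
		`<p>Address: {{.Address}}</p>`))

// RenderSettings returns the HTML of the settings page for p.
// The stored values are not modified; escaping happens at output time.
func RenderSettings(p Profile) (string, error) {
	var sb strings.Builder
	if err := settingsTmpl.Execute(&sb, p); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// EscapeForHTML wraps html.EscapeString to make its behaviour visible:
// it is an output encoding for HTML text (&, <, >, ', "), nothing more.
func EscapeForHTML(s string) string {
	return html.EscapeString(s)
}

// SearchQuery builds a parameterized search. The SQL text never changes;
// the user's term is returned separately as a bound argument, which is what
// database/sql's Query/Exec pass to the driver so the term is data, not SQL.
// (Hypothetical table and column names.)
func SearchQuery(term string) (string, []interface{}) {
	const q = "SELECT id, username FROM users WHERE username LIKE ?"
	return q, []interface{}{"%" + term + "%"}
}

// NaiveSearchQuery is the pattern the question asks about: HTML-escape the
// term, then concatenate it into the SQL text. It is here only so the output
// can be compared with SearchQuery; do not use it with a real database.
func NaiveSearchQuery(term string) string {
	return "SELECT id, username FROM users WHERE username LIKE '%" +
		html.EscapeString(term) + "%'"
}

func main() {
	// Constructed inputs: markup in the username, quotes in the address.
	p := Profile{
		Username: "<b>alice</b>",
		Email:    "alice@example.com",
		Address:  `1 Main St "Apt 2"`,
	}
	page, err := RenderSettings(p)
	if err != nil {
		panic(err)
	}
	fmt.Println(page)

	fmt.Println(EscapeForHTML("O'Brien"))

	q, args := SearchQuery("O'Brien")
	fmt.Printf("%s  args=%q\n", q, args)

	fmt.Println(NaiveSearchQuery("O'Brien"))
}
```

Running it shows the username displayed as `&lt;b&gt;alice&lt;/b&gt;` and the quotes in the address as `&#34;`, while the stored Profile is untouched. The parameterized search keeps the query text fixed and hands over `%O'Brien%` as an argument; the naive version sends `'%O&#39;Brien%'` to the database, which matches nothing the user meant. The general point is that escaping is tied to the output context (HTML text, HTML attribute, SQL literal), which is why html.EscapeString is the wrong tool for SQL and why placeholders, not escaping, are the standard defence there.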



Posted to golang-nuts on Jul 18, '14 at 10:19p; last activity Jul 19, '14 at 6:49p.