this post was submitted on 18 Nov 2023
464 points (95.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54443 readers
1128 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] reverendsteveii@lemm.ee 2 points 11 months ago* (last edited 11 months ago) (1 children)

You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)

[–] WarmApplePieShrek@lemmy.dbzer0.com 1 points 11 months ago

This method is a band-aid patch when your downstream code is all messed up and you can't fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.