ONJava.com -- The Independent Source for Enterprise Java
Article:
  A Canary Trap for URI Escaping
Subject:   Good practice?
Date:   2006-02-26 23:39:00
From:   dumky
This looks interesting, but I would think it's better for validating that the string was parsed and unescaped properly, rather than figuring out how many unescapings should take place.
It seems this technique would tend to encourage sloppy formatting, rather than good understanding of the proper structure.


I'd also be concerned about security implications: services that integrate with the auth service might parse things differently than the auth service itself...
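
The two uses of the canary contrasted in the comment above, as an added Python example that is not part of the comment or the article. The `canary` and `return` parameter names, the canary value and both sample requests are constructed assumptions.

```python
from urllib.parse import unquote

# Constructed canary: every character must be percent-encoded on the wire.
CANARY_PLAIN = "%&+ /"

def raw_params(query):
    """Split a query string into name -> still-encoded value (no decoding)."""
    return dict(pair.partition("=")[::2] for pair in query.split("&"))

def escaping_depth(raw, limit=4):
    """Number of unquote passes that turn raw into CANARY_PLAIN, or None."""
    for depth in range(limit + 1):
        if raw == CANARY_PLAIN:
            return depth
        raw = unquote(raw)
    return None

def decode_once(query):
    """A peer service that always unescapes exactly once and ignores the canary."""
    return {k: unquote(v) for k, v in raw_params(query).items() if k != "canary"}

def adaptive_decode(query):
    """Canary used to decide how many unescapings to apply."""
    params = raw_params(query)
    depth = escaping_depth(params.get("canary", ""))
    if depth is None:
        raise ValueError("canary unrecognisable")
    out = {}
    for name, value in params.items():
        if name != "canary":
            for _ in range(depth):
                value = unquote(value)
            out[name] = value
    return out

def strict_decode(query):
    """Canary used only to validate: exactly one level of escaping or reject."""
    if escaping_depth(raw_params(query).get("canary", "")) != 1:
        raise ValueError("canary not escaped exactly once")
    return decode_once(query)

# Constructed requests: correctly escaped once, and escaped twice by a client.
ONCE = "canary=%25%26%2B%20%2F&return=%2Fhome"
TWICE = "canary=%2525%2526%252B%2520%252F&return=%252Fhome"

if __name__ == "__main__":
    print(adaptive_decode(TWICE), decode_once(TWICE))  # the two services disagree
    print(strict_decode(ONCE))
```

On the doubly escaped request the adaptive service and the decode-once peer return different values for `return`, while the strict check rejects the request before either interpretation is used.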