Update: Cross_Site_Scripting_Prevention_Cheat_Sheet.md - "alphanumeric characters" is not strictly defined #1175

Open
franklin-ross opened this issue Jul 26, 2023 · 0 comments
Labels
ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. UPDATE_CS Issue about the update/refactoring of a existing cheat sheet.


franklin-ross commented Jul 26, 2023

What is missing or needs to be updated?

The Output Encoding Summary Rules section talks about alphanumeric characters without defining what that means. Many definitions have a caveat like "Other characters also may be included in an alphanumeric character set" or talk about some punctuation being included. It's also unclear whether that only includes the Latin charset or the full Unicode range. Taken strictly, this could be /[a-zA-Z0-9]/, and perhaps that's the intent as a safe baseline, but it could also be taken as /[\w\d]/, which would change based on the regular expression engine and settings.

How should this be resolved?

Remove or reduce uncertainty when talking about "alphanumeric characters" by using more concrete technical language, Unicode categories/ranges, or regular expression examples that don't depend on the regex engine.

franklin-ross added the ACK_WAITING, HELP_WANTED and UPDATE_CS labels Jul 26, 2023
franklin-ross changed the title from: Update: [Cross_Site_Scripting_Prevention_Cheat_Sheet.md] "alphanumeric characters" is not strictly defined, to: Update: Cross_Site_Scripting_Prevention_Cheat_Sheet.md - "alphanumeric characters" is not strictly defined Jul 26, 2023
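
The ambiguity raised in this issue, shown as an added example that is not part of the issue or the cheat sheet: Python's `re` module is used because the same `[\w\d]` pattern changes meaning with the `re.ASCII` setting. The `&#xHH;` output form, the helper names and the sample characters are assumptions constructed for illustration.

```python
import re

# Three readings of "alphanumeric" named in the issue.
STRICT = re.compile(r"[a-zA-Z0-9]")            # engine-independent ASCII baseline
WORD_UNICODE = re.compile(r"[\w\d]")           # Python str default: Unicode-aware
WORD_ASCII = re.compile(r"[\w\d]", re.ASCII)   # same pattern, different setting

# Constructed sample characters: ASCII, underscore, Latin-1 letter,
# Arabic-Indic digit, and two characters that matter in HTML contexts.
SAMPLES = ["a", "7", "_", "\u00e9", "\u0663", '"', "<"]


def classify(ch):
    """Report which readings treat a single character as alphanumeric."""
    return {
        "strict": bool(STRICT.fullmatch(ch)),
        "word_unicode": bool(WORD_UNICODE.fullmatch(ch)),
        "word_ascii": bool(WORD_ASCII.fullmatch(ch)),
        "isalnum": ch.isalnum(),
    }


def disagreements(chars=SAMPLES):
    """Return the characters on which the readings do not all agree."""
    return [c for c in chars if len(set(classify(c).values())) > 1]


def encode_except(value, allowed):
    """Encode every character not matched by `allowed` as &#xHH; (assumed form)."""
    return "".join(
        ch if allowed.fullmatch(ch) else f"&#x{ord(ch):X};" for ch in value
    )


if __name__ == "__main__":
    for ch in SAMPLES:
        print(repr(ch), classify(ch))
    untrusted = 'a_b" \u00e9\u0663'  # constructed input
    for name, pat in [("strict", STRICT), ("word_ascii", WORD_ASCII),
                      ("word_unicode", WORD_UNICODE)]:
        print(f"{name:13}", encode_except(untrusted, pat))
```

Only the strict allow-list produces the same output regardless of flags; the other two pass `_` through, and the Unicode reading also passes non-ASCII letters and digits unencoded.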