iRev Input Validation Libraries
Sivakatirswami
katir at hindu.org
Sat Sep 18 00:15:09 EDT 2010
If anyone has any input form validation-sanitizer handlers for web
forms (irev includes...), I could use them right now.
I've studied the web on this. It's vast... "positive match" (i.e. the
input must be a precise match for a given set of values) is considered
the simplest and strongest form, and I can do this for most of my
current form input fields on this project,
But for a max 200 char comments-text field, I need something more
robust. Our PCI auditor regularly flags some pages for XSS attacks, and
I need to get a little more professional about sanitizing input.
I'm thinking a "positive match" of A-z plus 0-9, comma, period and
exclamation mark... if allowed, should suffice, but then I may need to
deal with SQL injection (PostgreSQL) also. If there is no ";" then
nothing can happen. But I know it is more complicated than that.
I know that regEx could help me here but I'm terrible with regular
expressions.
   -- whitelist of allowed characters; the comma is the item delimiter here,
   -- so it cannot be listed and is stripped from the input first
   put "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,0,1,2,3,4,5,6,7,8,9,.,!" into tConstraint
   put toLower(tComment) into tComment
   replace "," with "" in tComment
   repeat for each char x in tComment
      if x is not among the items of tConstraint then
         put "Only characters and numbers allowed in comments." into tMessage
         exit repeat  -- one bad character is enough to reject the comment
      end if
   end repeat
Thanks
I'm a bit out of my depth here. This may be an area where
over-simplification doesn't work.
Sivakatirswami
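An added example, not from the original post, showing the same positive-match idea for the 200-character comment field written as a regular expression, together with the two controls the post is actually worried about: HTML-encoding on output (XSS) and a placeholder parameter when inserting into PostgreSQL (SQL injection). The handler names validateComment and htmlEncode, the variable tConnID (an open revdb connection) and the $_POST["comment"] field name are assumptions; the allowed set here also includes the space character, which the loop above does not.

```livecode
-- Added example: whitelist validation for the comment field, written
-- with matchText instead of an item-by-item loop. Names are assumed.
function validateComment pComment
   -- enforce the field's stated maximum length before anything else
   if the number of chars in pComment > 200 then
      return "Comment is limited to 200 characters."
   end if
   -- positive match: letters, digits, space, comma, period, exclamation
   -- mark and nothing else; ^ and $ anchor the pattern to the whole string
   if not matchText(pComment, "^[A-Za-z0-9 ,.!]*$") then
      return "Only letters, numbers, spaces and , . ! are allowed in comments."
   end if
   return empty   -- empty means the comment passed
end validateComment

-- Input validation does not replace output encoding: anything echoed back
-- into the page is encoded so the browser never treats it as markup.
function htmlEncode pText
   replace "&" with "&amp;" in pText     -- must come first
   replace "<" with "&lt;" in pText
   replace ">" with "&gt;" in pText
   replace quote with "&quot;" in pText
   replace "'" with "&#39;" in pText
   return pText
end htmlEncode

-- Usage in an iRev page (assumed names): tConnID is an open connection
-- returned earlier by revOpenDatabase.
put $_POST["comment"] into tComment
put validateComment(tComment) into tMessage
if tMessage is empty then
   -- :1 is bound to the contents of tComment by the database library, so
   -- the text is stored as data and never parsed as part of the SQL
   revExecuteSQL tConnID, "INSERT INTO comments (body) VALUES (:1)", "tComment"
   if the result is not a number then
      put "Could not save comment."
   end if
else
   put htmlEncode(tMessage) & "<br>"
end if
```

The whitelist rejects ";" and "<" outright, but the placeholder and the encoding are what make the page safe even if the allowed set is later widened.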