Snippets

Yet another programmer blogging about code

Archive for the ‘Reposted’ Category

Comma-separated vulnerabilities

Thursday, October 8th, 2015

If you accept user input and then export it as CSV, please read this now! James Kettle very neatly explains how something as simple as a CSV export can be used to deliver exploits. I didn’t know about this before today; hat tip to Gravity Forms and, via them, Ninja Forms.

I thought title text improved accessibility. I was wrong.

Friday, February 15th, 2013

David Ball has written a follow-up to his excellent article “Things I learned by pretending to be blind for a week”, where he discusses why title text is not as useful as we’ve been led to believe, and what to do about it. Please, if you haven’t already, go and read his article: “I thought title text improved accessibility. I was wrong.”

PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?

Monday, August 27th, 2012

Pádraic Brady has written a must-read article on some of the silly defaults in PHP that put the lie to the old adage, “what you don’t know won’t hurt you”. Clearly, some of this stuff could hurt you/your clients very easily. And I have to put my hand up to failing on the SSL/TLS and XML injection attack vulnerabilities…

PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?

Korpela’s guide to using special characters in HTML

Wednesday, February 1st, 2012

Here’s a gem that just has to be widely disseminated. Jukka Korpela has written a nice guide to using special characters in HTML. It covers the problem pretty comprehensively, so rather than try to write one myself, I reckon everyone should check out his guide.