Originally published at Merino is talking about security.
In web applications you may encounter a form, any form, that lets you type whatever string you like and then does something with it: displays it as a comment, saves it in the database, sends it as a message, and so on. But let's say that instead of just plain text I write a piece of code. If the input isn't sanitized, the application may end up treating that input as code rather than as data, and the results can be disastrous. Let the people at Computerphile explain it better.
There are quite a few kinds of code injection, but here are the most common ones:
SQL injection: as the name indicates, it targets SQL databases. Appending SQL fragments to unsanitized input that ends up inside a query can make the database run the attacker's query instead of the intended one, returning data that the user should not be able to read, or modifying it.
A simple first line of defense is input sanitization: cleaning or rejecting your inputs so that malicious code can't be written into them. One way is to refuse certain characters or sets of characters, such as the single quote or the <> brackets. Be careful with that approach, though: a blacklist also rejects legitimate input (a surname like O'Brien contains a single quote), and attackers are good at finding characters you forgot to ban. For SQL specifically, the reliable fix is to never build queries by concatenating strings and to use parameterized queries (prepared statements) instead, so the database always sees user input as a value and never as part of the query; sanitization is then an extra layer, not the only one. The people at eSecurity Planet wrote a very in-depth article on how to protect your web applications using input sanitization; there are many things you can do. Keep in mind that any check done in the browser can be skipped by someone who talks to your server directly, so the same checks must also run server-side. Since HTML5, input types such as email, number or url can be set on any input tag, and that can be a small step into making sure that the incoming
Continue reading "Clean your shoes before entering the house."
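To make the SQL injection item and the sanitization advice concrete, here is an added example (my code, not from the original post or the Computerphile video) using Python's standard sqlite3 module with a constructed in-memory users table. It compares three versions of the same lookup: one that concatenates the input into the query, one that blacklists the single quote as the post suggests, and one that binds the input as a parameter. The table contents, the function names and the payload are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
USERS = [
    ("alice", "alice-secret-token"),
    ("o'brien", "obrien-secret-token"),
    ("bob", "bob-secret-token"),
]


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, api_token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by string concatenation: the classic injectable pattern."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_blacklist(conn, username):
    """Rejects any input containing a single quote, as the post suggests.

    This blocks the payload below, but it also rejects legitimate names.
    """
    if "'" in username:
        raise ValueError("single quote not allowed")
    return lookup_vulnerable(conn, username)


def lookup_parameterized(conn, username):
    """Binds the value as a query parameter; the input can never become SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run the three lookups against an attack payload and a legitimate name."""
    conn = make_db()
    payload = "' OR '1'='1"   # closes the quote, then makes the WHERE always true
    legit = "o'brien"         # a real username that happens to contain a quote
    results = {}

    # Concatenation: the payload dumps every username in the table.
    results["vulnerable_attack"] = lookup_vulnerable(conn, payload)
    # Concatenation also breaks on honest input: 'o'brien' is not valid SQL.
    try:
        lookup_vulnerable(conn, legit)
        results["vulnerable_legit"] = "ok"
    except sqlite3.Error:
        results["vulnerable_legit"] = "sql error"

    # Blacklist: stops the payload, but throws away a legitimate user too.
    for label, value in (("blacklist_attack", payload), ("blacklist_legit", legit)):
        try:
            lookup_blacklist(conn, value)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"

    # Parameterized: the payload matches nothing, the real name matches itself.
    results["parameterized_attack"] = lookup_parameterized(conn, payload)
    results["parameterized_legit"] = lookup_parameterized(conn, legit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the point of the caveat above: the concatenated query hands the attacker the whole user list and fails on an honest name with a quote, the blacklist rejects both, and only the parameterized query distinguishes the attack (no rows) from the legitimate user (one row). The same idea applies to any parameter, not just usernames.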