Sanitize user input: Difference between revisions
Thundergnat (talk | contribs) (→{{header|Raku}}: Add a somewhat bogus hand-wavey entry) |
Thundergnat (talk | contribs) m (→{{header|Raku}}: typo) |
||
Line 33: | Line 33: | ||
[https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ names], [https://infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time time], [https://medium.com/gender-2-0/falsehoods-programmers-believe-about-gender-f9a3512b4c9c gender]... the list goes on. |
[https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ names], [https://infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time time], [https://medium.com/gender-2-0/falsehoods-programmers-believe-about-gender-f9a3512b4c9c gender]... the list goes on. |
||
When passing a user command to the operating system, you probably want to use whitelisting. |
When passing a user command to the operating system, you probably want to use whitelisting. Only a very few commands from a predetermined list are allowed to be used. |
||
if $command ∈ <ls time cd df> then { execute $command } |
if $command ∈ <ls time cd df> then { execute $command } |
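Review bot: The added sentence "Only a very few commands from a predetermined list are allowed to be used" speaks only about command names, and the example on the next line tests `$command` as a single value against `<ls time cd df>`, so the entry never says what happens to arguments supplied with an allowed command. Suggest stating that the membership check applies to the command name alone and that any arguments are validated separately and passed as a list rather than interpolated into a shell string. As a wording point, "Only a very few commands" reads better as "Only a few commands", and since the edit summary itself calls the entry hand-wavey, labelling the `if ... then { execute $command }` line as pseudocode would keep readers from pasting it as working Raku.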