Telegram_2021-11-05T20

Telegram link

 

2021-11-05T20:00:51

 

IW escapes all strings generated as output. So this works:

 


 

Telegram link

 

2021-11-05T20:02:05

 

I'm posting IWEdit1 value and copying it to IWMemo1 (below). It works and does nothing as it would do in PHP because all strings are escaped (thus they are actually sanitized).

 


 

Telegram link

 

2021-11-05T20:03:51

 

Thanks!

 


 

Telegram link

 

2021-11-05T20:05:59

 

If you are hyper paranoid about it, you can possibly use function ParamIsValid(const AParam: string; out Idx: Integer): Boolean;

 

From IWUtils.

 

AParam is any text (like the value received to update IWEdit1.Text).

 

It returns False if the string contains any malicious tag/code (like the one you suggested).

 

And Idx will contain the index of the offending text/code within the string. Otherwise, it will return True.

 


 

Telegram link

 

2021-11-05T20:06:22

 

This function is used to sanitize the startup parameters received when the session starts.

 


 

Telegram link

 

2021-11-05T20:06:39

 

You're welcome!

 


 

Telegram link

 

2021-11-05T20:08:17

 

Out of curiosity, ParamIsValid will block things like

 

, ,