by dsp1234
3796 days ago
The point for such scenarios is that whitelist is better than blacklist.

From CVE-2015-7580: "Carefully crafted strings can cause user input to bypass the sanitization in the white list sanitizer"

So people are using a whitelist, and this bug is in that whitelist. In other words, people are "doing the right thing" and are still vulnerable.