by sfvisser, 615 days ago
Don’t ever use attacker-controlled data directly in your source code without validation. Don’t blame setTimeout for this, it’s impolite!
n2d4, 615 days ago
The problem is the validation. You'd expect you just have to validate a lower bound, but you also have to validate an upper bound.
leptons, 615 days ago
It's user input, you have to validate all the bounds, and filter out whatever else might cause problems. Not doing so is a problem with the programmer, not setTimeout.
link
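An added example, not part of the thread or written by any commenter: one way to validate both bounds before a user-supplied delay reaches setTimeout. Timers keep the delay in a signed 32-bit integer, so a value above 2^31 - 1 ms is not honoured (Node.js resets it to 1 ms, browsers overflow it). The names `validateDelay`, `scheduleAfter` and `classify` and the 1000 to 60000 ms application limits are assumptions.

```javascript
// Added example; helper names and limits are hypothetical.
// setTimeout stores its delay as a signed 32-bit integer.
const MAX_TIMER_DELAY_MS = 2 ** 31 - 1; // 2147483647 ms, about 24.8 days

// Returns a validated integer delay in ms, or throws TypeError/RangeError.
function validateDelay(raw, { min = 0, max = MAX_TIMER_DELAY_MS } = {}) {
  if (max > MAX_TIMER_DELAY_MS) {
    throw new RangeError("max exceeds what setTimeout can represent");
  }
  let n;
  if (typeof raw === "number") {
    n = raw;
  } else if (typeof raw === "string" && /^\d{1,10}$/.test(raw.trim())) {
    // Plain decimal digits only: Number("") is 0 and Number("0x10") is 16,
    // so the pattern check has to come before the conversion.
    n = Number(raw.trim());
  } else {
    throw new TypeError("delay must be a non-negative integer");
  }
  if (!Number.isInteger(n)) { // rejects NaN, Infinity and fractions
    throw new TypeError("delay must be a finite integer");
  }
  if (n < min || n > max) { // lower AND upper bound
    throw new RangeError(`delay ${n} outside [${min}, ${max}]`);
  }
  return n;
}

// Only validated delays ever reach the timer.
function scheduleAfter(raw, fn, limits) {
  return setTimeout(fn, validateDelay(raw, limits));
}

// Constructed sample inputs checked against application limits of 1 s to 60 s.
function classify(raw) {
  try {
    return validateDelay(raw, { min: 1000, max: 60000 });
  } catch (e) {
    return e.name;
  }
}

for (const sample of ["5000", 999, 2 ** 31, "9999999999", "0x10", NaN, 1.5]) {
  console.log(JSON.stringify(sample), "->", classify(sample));
}
```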