by Zr40
5000 days ago
If you sanitize input, it implies you're inserting the input into an execution environment. If possible, it's better to treat data as data. In the JavaScript eval case, it's definitely possible; just access the data through a variable instead of inserting it into the eval'ed code.
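An added example illustrating the comment above (it is not the commenter's code, and every name in it, `greet`, `markHijacked`, `escapeQuotes`, the payloads, is invented for the demonstration). It puts the three approaches side by side: splicing the input into the eval'ed source, "sanitizing" it first with a quote-escaper, and binding the input to a variable that the eval'ed code references by name.

```javascript
// Added example, not from the original comment. All identifiers are invented.
// The eval'ed "application code" calls greet(); the attacker's goal is to get
// markHijacked() to run instead of being passed to greet() as plain text.

let hijacked = false; // set to true only if attacker-controlled code executes
function markHijacked() { hijacked = true; return "hijacked"; }
function resetHijacked() { hijacked = false; }
function wasHijacked() { return hijacked; }

function greet(name) { return "Hello, " + name; }

// 1. Input spliced into the source string: eval parses the input as code.
function greetViaSplice(userInput) {
  return eval("greet('" + userInput + "')");
}

// 2. "Sanitized" splice: escapes single quotes but not backslashes, so an
//    input starting with a backslash consumes the escape added to its quote
//    and the rest of the input is parsed as code again.
function escapeQuotes(s) { return s.replace(/'/g, "\\'"); }
function greetViaSanitizedSplice(userInput) {
  return eval("greet('" + escapeQuotes(userInput) + "')");
}

// 3. Data stays data: the eval'ed source only names a variable, and the
//    input is bound to that variable. Nothing in the input is ever parsed.
function greetViaVariable(userInput) {
  const input = userInput; // direct eval sees this binding by name
  return eval("greet(input)");
}

// Constructed payloads (not real attack traffic):
//   PAYLOAD_QUOTE closes the string literal and the call, then runs code.
//   PAYLOAD_BACKSLASH does the same after the quote-escaper has been applied.
const PAYLOAD_QUOTE = "x'); markHijacked(); //";
const PAYLOAD_BACKSLASH = "\\'); markHijacked(); //";

function demo() {
  const results = {};
  resetHijacked();
  results.spliceBenign = greetViaSplice("Alice");          // "Hello, Alice"
  results.spliceAttack = greetViaSplice(PAYLOAD_QUOTE);    // "hijacked"
  results.spliceHijacked = wasHijacked();                  // true
  resetHijacked();
  results.sanitizedQuote = greetViaSanitizedSplice(PAYLOAD_QUOTE);
  results.sanitizedQuoteHijacked = wasHijacked();          // false: escaper held
  results.sanitizedBackslash = greetViaSanitizedSplice(PAYLOAD_BACKSLASH);
  results.sanitizedBackslashHijacked = wasHijacked();      // true: escaper bypassed
  resetHijacked();
  results.variable = greetViaVariable(PAYLOAD_BACKSLASH);  // "Hello, \'); markHijacked(); //"
  results.variableHijacked = wasHijacked();                // false
  return results;
}
```

The same separation holds when the code itself is a string that must not be influenced by the data: `new Function("input", "return greet(input)")(userInput)` binds the data as a parameter instead of splicing it into the source. Approach 2 is the kind of sanitizer the comment warns against: it happens to block one payload, but the input is still being parsed as code, so any escape the sanitizer does not cover is an injection.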