[erlang-questions] Special Characters problem

Antoine Koener
Wed Jan 2 15:55:34 CET 2013


Is 'single character >' allowed in XMPP, since it is XML?
Should have been &gt;


On Wednesday, January 2, 2013, Vlad Dumitrescu wrote:

> Hi!
>
> On Wed, Jan 2, 2013 at 12:26 PM, Evren Bayraktar wrote:
>
>> lists:flatten(io_lib:format("from=~s&to=~s&message=~s&status=~b&time_create=~b",
>> [FromS, ToS, BodyS, Status, unix_timestamp()]))
>>
>
> I would guess that the message's body (and maybe even the other strings)
> should be escaped or quoted (by using ~w instead of ~s); probably the
> parser for the resulting string can't handle the spaces and the '>'.
>
> You should in any case sanitize the input, otherwise you will have
> problems with code injection. Imagine a message saying
> "Hello&status=closed&time_create=..." (or worse).
>
> best regards,
> Vlad
>
>
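
The parameter injection described in the quoted reply, next to one way of escaping the values, as an added example that is not part of the original thread. The module name, sample values and the body of `unix_timestamp/0` are assumptions (the post calls that function but does not show it), and percent-encoding with `uri_string:compose_query/1` (OTP 21 or later) is used here as the escaping step.

```erlang
-module(query_demo).
-export([naive/4, encoded/4, demo/0]).

%% Pattern from the quoted post: values are interpolated with ~s, so any
%% '&' or '=' inside Body becomes part of the query structure.
naive(From, To, Body, Status) ->
    lists:flatten(io_lib:format(
        "from=~s&to=~s&message=~s&status=~b&time_create=~b",
        [From, To, Body, Status, unix_timestamp()])).

%% Each value is percent-encoded by uri_string:compose_query/1, so
%% reserved characters in Body stay inside the "message" value.
encoded(From, To, Body, Status) ->
    uri_string:compose_query(
        [{"from", From},
         {"to", To},
         {"message", Body},
         {"status", integer_to_list(Status)},
         {"time_create", integer_to_list(unix_timestamp())}]).

%% Assumed helper: the original post does not show its definition.
unix_timestamp() ->
    erlang:system_time(second).

demo() ->
    %% Constructed sample body with the characters discussed in the thread.
    Body = "1 > 0 Hello&status=closed",
    Naive = naive("alice", "bob", Body, 0),
    Safe = encoded("alice", "bob", Body, 0),
    %% A receiver that splits on '&' sees an extra status pair in the
    %% naive string, but exactly five pairs in the encoded one.
    6 = length(string:lexemes(Naive, "&")),
    5 = length(string:lexemes(Safe, "&")),
    %% Round trip: decoding the encoded query returns the original body.
    {"message", Body} =
        lists:keyfind("message", 1, uri_string:dissect_query(Safe)),
    io:format("naive:   ~s~nencoded: ~s~n", [Naive, Safe]),
    ok.
```

Compile with `c(query_demo).` in the Erlang shell and call `query_demo:demo().`; the pattern matches inside `demo/0` fail with a `badmatch` if either string has a different parameter count than stated.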