Closed mlbriel closed 11 years ago
The inputs are all parameterized by ActiveRecord, and whitelisting is tricky when you want people to still have access to a meaningful amount of formatting in comments, etc. After discussion, we think that, absent specific examples, we're OK as is.
I am referring to non-printing characters, not whitespace. Examples would be ASCII 0x0E through 0x1A; these are valid ASCII characters but generally not useful in passwords or web content.
From: noreply@github.com [mailto:noreply@github.com] On Behalf Of David Meese Sent: Wednesday, November 28, 2012 10:19 PM To: dmeese/MathWorld Cc: Briel, Marc L. Subject: Re: [MathWorld] stripify.rb does not remove non-printing characters (#23)
Stripify.rb does not remove any non-printing characters or whitespace. These characters are allowed in UserIDs and passwords.
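The distinction the reporter draws (control characters such as 0x0E through 0x1A versus ordinary whitespace) is easy to get wrong in a sanitizer, so here is an added Ruby example of the check. This is not MathWorld's stripify.rb and not code from the thread; the function names and the sample inputs are constructed for illustration. It strips the C0 control range and DEL but deliberately keeps tab, LF and CR so that formatting in comments survives, and it also reports which control codes were present so the rejection can be logged rather than silently corrected.

```ruby
# Added example (hypothetical helpers, not MathWorld's stripify.rb):
# strip ASCII control characters from user input while keeping the
# whitespace that comment formatting relies on.

# C0 controls (0x00-0x1F) plus DEL (0x7F), minus the whitespace we keep:
# tab (0x09), line feed (0x0A) and carriage return (0x0D).
NON_PRINTING = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.freeze

# Return a copy of +str+ with every non-printing character removed.
def strip_non_printing(str)
  str.to_s.gsub(NON_PRINTING, '')
end

# True when +str+ contains at least one non-printing character.
# Useful as a validation predicate: reject the value instead of
# quietly rewriting a password the user typed.
def contains_non_printing?(str)
  !!(str.to_s =~ NON_PRINTING)
end

# List the distinct control codes found, formatted as hex, so a
# rejected input can be logged without echoing the raw bytes.
def non_printing_codes(str)
  str.to_s.scan(NON_PRINTING).map { |c| format('0x%02X', c.ord) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a "password" carrying 0x0E and 0x1A, the range
  # named in the issue, and a comment whose tabs and newlines must survive.
  password = "hunter2\x0E\x1A"
  puts non_printing_codes(password).inspect   # ["0x0E", "0x1A"]
  puts strip_non_printing(password).inspect   # "hunter2"

  comment = "line one\n\tindented\r\n"
  puts contains_non_printing?(comment)        # false
  puts strip_non_printing(comment) == comment # true
end
```

In an ActiveRecord model the same regexp can back a format validation (`validates :username, format: { without: NON_PRINTING }`), which rejects the value with an error instead of altering it; stripping is better suited to free-text fields such as comments, where the user expects normalization rather than a validation failure.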