dmeese / MathWorld

Team Bunny Slippers Math World Web Application

stripify.rb does not remove non-printing characters #23

Closed mlbriel closed 11 years ago

mlbriel commented 11 years ago

Stripify.rb does not remove any non-printing characters or whitespace. These characters are allowed in UserIDs and passwords.

dmeese commented 11 years ago

The inputs are all parameterized by ActiveRecord, and whitelisting is tricky when you want people to still have access to a meaningful amount of formatting in comments, etc. After discussion, we think that, absent specific examples, we're OK as is.

mlbriel commented 11 years ago

I am referring to non-printing characters, not whitespace. Examples would be ASCII 0x0E through 0x1A; these are valid ASCII characters but generally not useful in passwords or web content.

From: noreply@github.com [mailto:noreply@github.com] On Behalf Of David Meese
Sent: Wednesday, November 28, 2012 10:19 PM
To: dmeese/MathWorld
Cc: Briel, Marc L.
Subject: Re: [MathWorld] stripify.rb does not remove non-printing characters (#23)

The inputs are all parameterized by ActiveRecord, and whitelisting is tricky when you want people to still have access to a meaningful amount of formatting in comments, etc. After discussion, we think that, absent specific examples, we're OK as is.

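An added example, not code from the MathWorld repository: one way a Ruby filter could handle the control characters raised in this thread, keeping tab and newline for comments and rejecting, rather than rewriting, user IDs that contain them. It generalizes the 0x0E-0x1A range to all ASCII control characters plus DEL; every function and constant name here is hypothetical.

```ruby
# Added example; not the project's stripify.rb. All names are hypothetical.

# C0 control characters plus DEL. This covers the 0x0E-0x1A range named in
# the thread and generalizes it to the rest of the non-printing ASCII set.
CONTROL_CHARS = /[\x00-\x1F\x7F]/

# Same set minus tab (0x09), line feed (0x0A) and carriage return (0x0D),
# so multi-line comment formatting survives.
CONTROL_CHARS_EXCEPT_FORMATTING = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/

# Normalize to valid UTF-8 first so the regexes never raise on bad bytes.
def scrub_utf8(input)
  input.to_s.dup.force_encoding(Encoding::UTF_8).scrub("")
end

# Free-text fields (comments): drop control characters, keep formatting.
def strip_nonprinting(input)
  scrub_utf8(input).gsub(CONTROL_CHARS_EXCEPT_FORMATTING, "")
end

# Identifiers: reject instead of silently rewriting, so the stored value
# is always exactly what the user typed and two inputs never collapse
# into the same user ID after filtering.
def valid_user_id?(input)
  text = input.to_s.dup.force_encoding(Encoding::UTF_8)
  text.valid_encoding? && !text.empty? && !text.match?(CONTROL_CHARS)
end

# List the control code points found, for a validation message or log line.
def control_codepoints(input)
  scrub_utf8(input).scan(CONTROL_CHARS).map { |c| format("0x%02X", c.ord) }
end

# Constructed sample input containing 0x0E and 0x1A.
if __FILE__ == $PROGRAM_NAME
  sample = "first line\n\tsecond\x0E line\x1A"
  p strip_nonprinting(sample)
  p control_codepoints(sample)
  p valid_user_id?("ad\x0Emin")
end
```

Parameterized queries stop these bytes from altering SQL, but they are still stored and later rendered or compared, which is why the filter is applied per field type.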