mozilla

Revision 203727 of encodeURI

  • Revision slug: Talk:JavaScript/Reference/Global_Objects/encodeURI
  • Revision title: encodeURI
  • Revision id: 203727
  • Created:
  • Creator: Aapo Laitinen
  • Is current revision? No
  • Comment register_globals confusion

Revision Content

Reserved characters was missing the ';'. See uriReserved on page 88 of the EMCAScript Language Specification, version 3.


The part about encodeURI being dangerous when register_globals is on is misleading. Having register_globals on increases your chances of writing exploitable code regardless of whether you use encodeURI or not since the attacker can always handcraft the request. The actual problem of incorrectly using encodeURI is that it breaks legimate requests. Aapo Laitinen 02:45, 19 December 2005 (PST)

Revision Source

<p>Reserved characters was missing the ';'.
See uriReserved on page 88 of the EMCAScript Language Specification, version 3.
</p>
<hr>
<p>The part about <i>encodeURI</i> being dangerous when <i>register_globals</i> is on is misleading. Having <i>register_globals</i> on increases your chances of writing exploitable code regardless of whether you use <i>encodeURI</i> or not since the attacker can always handcraft the request. The actual problem of incorrectly using <i>encodeURI</i> is that it breaks legimate requests. <a href="User:Aapo_Laitinen">Aapo Laitinen</a> 02:45, 19 December 2005 (PST)
</p>
Revert to this revision