Anonymous
Guest
Do I need to sanitize data coming from an input element (e.g., text) that has a pattern attribute that blocks script tags, like < and > and quote characters? I am not seeing any reference on the web relating to using the HTML5 pattern attribute to intercept cross-site scripting injection attacks.
What about data coming from an input element (e.g., text) that is headed to a database column that's only 11 characters wide? It would seem no matter what was injected, 11 characters wouldn't be enough to do anything other than replace the valid data that would have gone there?
If data is coming back from the database, do I need to re-sanitize it? If the answer is yes, then should it apply to *every* value=, even ones with the pattern attribute blocking as I indicated above?
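An added example, not part of the original post, for the points the question raises: the pattern attribute is checked only by the browser, so the server repeats the check, and every value is encoded when it is written into value=, including values read back from the database. The field name, the rule and the sample values are constructed for illustration.

```javascript
// Added example, not code from the original post. The field name, the rule
// and the sample values below are assumptions made for illustration.

// Server-side copy of the rule the form's pattern attribute would express:
// 1 to 11 characters, none of < > " '. The browser's check is skipped by any
// client that is not a browser, so the server cannot rely on it.
const FIELD_RULE = /^[^<>"']{1,11}$/;

function validateOnServer(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  if (!FIELD_RULE.test(raw)) return { ok: false, reason: "fails field rule" };
  return { ok: true, value: raw };
}

// Encode for an HTML attribute value at output time, whatever the source of
// the data (request, database row, another application).
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderInput(name, value) {
  return `<input type="text" name="${escapeAttr(name)}" value="${escapeAttr(value)}">`;
}

// Constructed sample: exactly 11 characters, so it fits the column, and it
// contains the characters the pattern was meant to keep out.
const direct = 'x"><b>y</b>';

console.log(direct.length);                 // fits an 11-character column
console.log(validateOnServer(direct));      // rejected by the server-side rule
console.log(validateOnServer("555-0100"));  // accepted

// A row stored before the rule existed, or written by another application,
// is still rendered as inert text because it is encoded on the way out.
console.log(renderInput("phone", direct));
```

The encoding step depends on the output context: this helper covers quoted HTML attribute values and element text, not URLs, script blocks or SQL, where parameterized queries are the corresponding control.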