Skip to content
This repository has been archived by the owner on Nov 5, 2018. It is now read-only.

URL injection #16

Closed
thiagoarrais opened this issue Sep 2, 2011 · 2 comments
Closed

URL injection #16

thiagoarrais opened this issue Sep 2, 2011 · 2 comments
Labels
Security

Comments

@thiagoarrais
Copy link
Contributor

Nano sometimes interpolates user input without proper escaping.

Should we concern ourselves with protecting from URL injection? Or should the library user take care of that? Is this even a problem?
@dscape
Copy link
Contributor

dscape commented Sep 2, 2011

Nano is minimalistic. I don't think that would be helpful in nano.

Might consider building an plugin functionality that executes before
each request being sent. This way you could do whatever you needed in
your application and augment nano if you felt like it?

Do you like that idea?

On Fri, Sep 2, 2011 at 1:42 PM, thiagoarrais
reply@reply.github.com
wrote:

Should we concern ourselves with protecting from URL injection? Or should the library user take care of that? Is this even a problem?

Reply to this email directly or view it on GitHub:
#16

@thiagoarrais
Copy link
Contributor Author

If you think it's a good idea outside this use case, sure, go for it. But if you don't see anything else taking advantage of this, there is no need to bother. The thought simply crossed my mind when I saw a157df.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thiagoarrais @dscape