`HTTPRequest` takes immense efforts to mark unsafe values as "tainted" - but gets unsafe via caching in `other`.
Assume that access to the request variable "x" is unsafe. If the first access to "x" is with `HTTPRequest.get(...returnTaints=True...)`, then all accesses to "x" deliver a value marked as tainted. However, if the first access is with `returnTaints=False`, then all accesses deliver a value without "taint mark" (because the first access caches the returned value in `other` and the `other` lookup no longer honours `returnTaints`).
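A simplified model of the caching behaviour reported above, added here as an illustration; it is not Zope's code. `Tainted`, `looks_unsafe`, `CachingRequest`, `NonCachingRequest` and `taint_trace` are hypothetical names, and only `get(..., returnTaints=...)` and `other` mirror names used in the issue.

```python
class Tainted(str):
    """Marks a value as untrusted request data (stand-in for a taint wrapper)."""

def looks_unsafe(raw):
    # Constructed rule for this model: markup characters make a value unsafe.
    return "<" in raw

class CachingRequest:
    """Model of the reported behaviour: the first lookup result is cached in `other`."""
    def __init__(self, form):
        self.form = dict(form)   # raw, untrusted form data
        self.other = {}          # consulted before the form on every lookup

    def _from_form(self, key, returnTaints):
        raw = self.form[key]
        return Tainted(raw) if returnTaints and looks_unsafe(raw) else raw

    def get(self, key, default=None, returnTaints=False):
        if key in self.other:            # cache hit: returnTaints is not honoured
            return self.other[key]
        if key not in self.form:
            return default
        value = self._from_form(key, returnTaints)
        self.other[key] = value          # implicit caching, the root of the issue
        return value

class NonCachingRequest(CachingRequest):
    """Model of the direction named in the commit message: no implicit caching."""
    def get(self, key, default=None, returnTaints=False):
        if key in self.other:            # only values stored there explicitly
            return self.other[key]
        if key not in self.form:
            return default
        return self._from_form(key, returnTaints)

def taint_trace(request_cls, flags, key="x"):
    """Look `key` up once per flag; report whether each result carried the mark."""
    req = request_cls({key: "<b>x</b>"})  # constructed sample value
    return [isinstance(req.get(key, returnTaints=f), Tainted) for f in flags]

if __name__ == "__main__":
    for cls in (CachingRequest, NonCachingRequest):
        for flags in ([True, False], [False, True]):
            print(cls.__name__, flags, "->", taint_trace(cls, flags))
```

In the caching model the first call decides the outcome for every later call, so a caller that asks for `returnTaints=True` after an untainted first access receives an unmarked value.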
* do not cache (implicit) request access to form data or cookies in `other`: #630
* remove comments as requested by @dataflake
* - smuggling a small web link fix into Dieter's PR