Reply to post: Programming 101: never assume data passed is valid

Crash Google Chrome with one tiny URL: We cram a probe in this bug

Crazy Operations Guy Silver badge

Programming 101: never assume data passed is valid

Seriously, never, ever assume that any data passed is going to be valid. In security sensitive code like this, the data should always be treated with some suspicion and be validated at the beginning and end of every function that handles it.

I would assume that the URL parsing function would strip the protocol from the beginning, which would leave you with [null] after URL decoding and thus an empty string. The calling function should have noticed that it received an empty string and ignore, and continued o its merry way with the next URL it detects.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019