one of the weirdest cases I encountered is that, unless you turn the behavior off, POST variables get sanitized automatically in ASP.NET; at one place I worked we found that users sometimes couldn't log in because ASP.NET didn't like the passwords they were using and chose to mangle them
(the justification for the strange behavior was that it is really difficult to sanitize text that might be HTML rendered because of the all the weird ways you can run JS)
Paul Houle
npub1j8…0v5ze
2024-09-19 19:10:02 UTC
in reply to nevent1q…762c
Author Public Key
npub1j8xu7kxh2utnsfaq96q9jljstrnxw6q2tvtv6w0wvgmpcmdj4zgst0v5zeSeen on
wss://relay.momostr.pinkPublished at
2024-09-19 19:10:02 UTCEvent JSON
{
"id": "c9923d599b5e7f39be33ad37e371c2807a61e60dd21ad487f5285db4c5e13a3d",
"pubkey": "91cdcf58d757173827a02e80597e5058e667680a5b16cd39ee62361c6db2a891",
"created_at": 1726773002,
"kind": 1,
"tags": [
[
"p",
"9514f8f344dd309396ef36ea9ce44633165c2752c35cb9c52c0144ea8e14a8c0"
],
[
"p",
"1fddad01feaa543cd1a4728bac796865ee4a8d46b07eb9a2d0f9b1b9c33d21f1"
],
[
"e",
"bd68ef99a6ddb3a05e272e373888b46b9b9da7c43bb593fa845b09c440586f86",
"",
"reply",
"9514f8f344dd309396ef36ea9ce44633165c2752c35cb9c52c0144ea8e14a8c0"
],
[
"proxy",
"https://mastodon.social/@UP8/113165795497383480",
"web"
],
[
"e",
"2b4f7f35df8323cb96e6cb667d35bde64131d76becc1822596dd9f9f1680d8a0",
"",
"root",
"9514f8f344dd309396ef36ea9ce44633165c2752c35cb9c52c0144ea8e14a8c0"
],
[
"p",
"91cdcf58d757173827a02e80597e5058e667680a5b16cd39ee62361c6db2a891"
],
[
"proxy",
"https://mastodon.social/users/UP8/statuses/113165795497383480",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/UP8/statuses/113165795497383480",
"pink.momostr"
],
[
"-"
]
],
"content": "one of the weirdest cases I encountered is that, unless you turn the behavior off, POST variables get sanitized automatically in ASP.NET; at one place I worked we found that users sometimes couldn't log in because ASP.NET didn't like the passwords they were using and chose to mangle them\n\n(the justification for the strange behavior was that it is really difficult to sanitize text that might be HTML rendered because of the all the weird ways you can run JS)",
"sig": "7eaec606ee93d32af5ed8f13225e1d179ed073cd5517f5a856d18604b0170fb734ea7c467a73c245666fca8c5d072b9447ef829dd38b74f2bec41f87e08a609a"
}