I've received some input from the user's browser, checked it for unpleasant
stuff, and determined that it contains characters I'm not happy with. I'd
like to store it or email it to an administrator for inspection (so attack
types can be monitored and so on).
What steps should I take to ensure that the code that delivers the email or
writes to the log file doesn't get exploited by something which I know is
nasty? I thought of base64 encoding it, but that would render it unreadable
without a special viewer of some sort. Is there something I can do to
guarantee the string is harmless without obfuscating it too much?
--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>
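
One way to do what the post asks, as an added example that is not part of the original post: escape everything outside printable ASCII (plus the backslash and double quote) into a visible, reversible form before the text reaches a log file or a mail body. The function names, addresses and sample input are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.message import EmailMessage

# Pass through printable ASCII except backslash and double quote; escape the rest.
_UNSAFE = re.compile(r'[^\x20\x21\x23-\x5b\x5d-\x7e]')

def _escape(match):
    cp = ord(match.group())
    if cp == 0x5C:                      # escape the escape character itself
        return "\\\\"
    if cp <= 0xFF:
        return f"\\x{cp:02x}"           # CR, LF, ESC, NUL, quotes, Latin-1
    if cp <= 0xFFFF:
        return f"\\u{cp:04x}"           # e.g. bidi overrides
    return f"\\U{cp:08x}"

def neutralize(raw, limit=2000):
    """Readable, single-line, pure-ASCII rendering of untrusted text."""
    out = _UNSAFE.sub(_escape, raw[:limit])
    if len(raw) > limit:                # bound the size of each record
        out += f" [truncated, {len(raw)} chars total]"
    return out

def restore(escaped):
    """Inverse of neutralize() for untruncated values (analyst tooling only)."""
    return escaped.encode("ascii").decode("unicode_escape")

def log_line(source, raw):
    """One log record; the quoted field cannot contain a quote or newline."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return f'{stamp} rejected_input src="{neutralize(source)}" data="{neutralize(raw)}"'

def build_report(raw, sender="webapp@example.org", rcpt="admin@example.org"):
    """Plain-text mail: untrusted text goes in the body only, never in a header."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt   # constructed placeholder addresses
    msg["Subject"] = "Rejected input report"
    msg.set_content("Rejected input (escaped):\n" + neutralize(raw) + "\n")
    return msg

if __name__ == "__main__":
    # Constructed sample: quote, CRLF log forgery, markup, terminal escape, bidi override.
    sample = 'a"b\r\nFAKE <script>\x1b[2J\\ \u202e'
    print(log_line("203.0.113.7", sample))
    print(build_report(sample).get_content())
```

The escaped text is inert in a plain-text log, a terminal and a plain-text mail body, and stays readable without a decoder. A viewer that renders HTML still has to HTML-encode the value on output, since characters such as `<` pass through unchanged.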