Revision as of 12:20, 29 November 2007 edit 83.141.113.85 (talk) →Comment out characters ← Previous edit		Revision as of 21:54, 25 December 2007 edit undo RJFJR (talk \| contribs) Administrators 166,891 edits some cleanup Next edit →
Line 1: {{Cleanup\|date=March 2006}} ~~[[String (computer science)\|String]] programming is believed to be easy by programmers. This is hower not the case: several~~Several implementation / design flaws are associated with [[String (computer science)\|string]] programming, some of those are associated with [[security ~~exploits~~exploit]]s. ~~== Canonicalization problems ==~~ ~~Software programmers often assume that strings are canonical. This a fallacy.~~ ~~=== Example: HTML tags are not canonical ===~~ ~~Fallacy:~~ ~~"<code><nowiki><script></nowiki></code>" can only be written as "<code><nowiki><script></nowiki></code>"~~ ~~This is not true. Many HTML processors will accept "<code><nowiki><</nowiki>'''SPACE'''<nowiki>script></nowiki></code>" or "<code><nowiki><</nowiki>'''NUL'''<nowiki>script></nowiki></code>"~~ == Concatenation problems == ~~A lot of people believe that~~ It is possible to cause ''String1 + User_Input_String + String2'' to behave in unepected ways by by crafting unanticipated User_Input_String, such as having string2 ignored in processing. ~~will behave in some sort of controlled manner. This is not true.~~ === String termination === Line 28 ⟶ 20: * Unix shells: '''#''' means ignore rest of line == ~~Related~~See ~~articles~~also (other string problems) == * [[Format string attack]] - printf format strings are dangerous [[Buffer overflow]] - Buffer overflows often occurs in unsafe string functions

Improper input validation: Difference between revisions