
"using a regex to try and match bad things"

And that's the core failure, not the use of regexes.

Whatever you are using to filter user input, you always filter the good things in, and not the bad things out.




Exactly. For example, the common case of filtering "text to be displayed via the web" is probably best expressed as (1) a validating conversion to utf8 followed by (2) a regex that translates characters outside the safe range to XML entities.
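
The two-step filter described in the comment above, sketched in Python as an added example that is not part of the thread. The function name `to_safe_markup` and the exact set of characters passed through unchanged are assumptions chosen for illustration.

```python
import re

# Allowlist (assumption for this example): ASCII letters, digits, space,
# newline and a little punctuation pass through unchanged. Everything else,
# including < > & " ' and all non-ASCII, is rewritten as a numeric entity.
_NOT_SAFE = re.compile(r"[^A-Za-z0-9 .,!?()\n-]")


def _xml_legal(cp: int) -> bool:
    # Code points that XML 1.0 allows in a document. The rest (NUL, most C0
    # controls, U+FFFE, U+FFFF) are illegal even as character references.
    return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)


def _entity(match: re.Match) -> str:
    cp = ord(match.group())
    if not _xml_legal(cp):
        raise ValueError(f"code point U+{cp:04X} cannot be represented")
    return f"&#{cp};"


def to_safe_markup(raw: bytes) -> str:
    # Step 1: validating conversion. Strict decoding rejects overlong
    # encodings, encoded surrogates and truncated sequences instead of
    # guessing, so the regex below only ever sees well-formed text.
    text = raw.decode("utf-8", errors="strict")
    # Step 2: keep what is on the allowlist, translate the rest to entities.
    return _NOT_SAFE.sub(_entity, text)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (b"<b>Tom & Jerry</b>", b"caf\xc3\xa9", b"\xc0\xbc"):
        try:
            print(sample, "->", to_safe_markup(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

The regex names only what is allowed through, so a character nobody thought about ends up as an inert entity rather than slipping past a blocklist.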



