5
olback
7y

Do you need to escape strings if you encode everything with base64 before it touches the database? 🤔

#BadPractise?

Comments
  • 1
    I guess not, but your data is gonna take up a lot more space that way.
  • 0
  • 1
    Still, if you decode again, escaping is needed to protect against XSS.
  • 1
    Theoretically, couldn't someone come up with a string that, when encoded into base64, turns into some kind of bad thing you don't want?

    (professional terms, I know)
  • 1
    @Golank base64 generally only consists of alphanumeric characters, so you should not be able to do that
  • 0
    @Golank In general, no, because after you convert data to base64 you handle it as base64-encoded, and you will not run a base64-encoded string because it doesn't make sense. You should worry more about the original data.
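
The points raised in the comments above (base64 output alphabet, storage overhead, and the need to escape after decoding), as an added example that is not part of the original thread. It assumes an in-memory SQLite database; the `notes` table, the function name and the sample string are hypothetical and constructed for illustration.

```python
import base64
import html
import re
import sqlite3

# Constructed sample input: contains a quote character and an HTML script tag.
SAMPLE = "O'Brien said <script>alert(1)</script>"

# Standard base64 output alphabet: letters, digits, '+', '/', '=' padding.
B64_ALPHABET = re.compile(r"[A-Za-z0-9+/]*={0,2}")


def store_and_render(text: str) -> dict:
    """Store text base64-encoded and raw, read both back, report the results."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (kind TEXT PRIMARY KEY, body TEXT)")

    encoded = base64.b64encode(text.encode("utf-8")).decode("ascii")

    # Placeholders keep values out of the SQL text, so the raw string is
    # stored just as safely as the encoded one, without the size penalty.
    db.execute("INSERT INTO notes (kind, body) VALUES (?, ?)", ("b64", encoded))
    db.execute("INSERT INTO notes (kind, body) VALUES (?, ?)", ("raw", text))

    rows = dict(db.execute("SELECT kind, body FROM notes"))
    db.close()

    # Decoding returns the original bytes unchanged, markup included.
    decoded = base64.b64decode(rows["b64"]).decode("utf-8")

    return {
        "encoded_is_plain_alphabet": B64_ALPHABET.fullmatch(encoded) is not None,
        "size_ratio": len(encoded) / len(text.encode("utf-8")),
        "raw_round_trip": rows["raw"] == text,
        "decoded_equals_original": decoded == text,
        # Output encoding is still required at the point of rendering.
        "html_safe_output": html.escape(decoded),
    }


if __name__ == "__main__":
    for key, value in store_and_render(SAMPLE).items():
        print(f"{key}: {value}")
```
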