Learn More
Resend Email
6
olback
6y

Do you need to escape string if you encode everything with base64 before it touches the database? 🤔

#BadPractise?

rant
Favorite
Ranter
Comments
  • 1
    6y
    I guess not, but your data is gonna take up a lot more space that way.
  • 0
    6y
    No
  • 1
    6y
    Still, if you decode again, escape is needed to protect against XSS
  • 1
    6y
    theoretically couldn't someone come up with a string that, when encoded into base64, turns into some kind of bad thing you dont want

    (professional terms, I know)
  • 1
    6y
    @Golank base64 generally only consists of alphanumeric characters, so you should not be able to do that
  • 0
    6y
    @Golank In general no. because after you convert data to base 64 you handle it as base64 encoded and you will not run a base64 encoded string because it doesn't make sense. You should worry more about the original data
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment