Main topic is querystring formatting and encoding.
Explain when URL encoding must happen (on each name and value, before the pieces are joined with & and =) and how the querystring is parsed (split on the delimiters first, on the still-encoded text, then decode each piece).
Tell the structure (the & and = delimiters) apart from the content (field names and values).
In a UI, the structure is given by separate fields, so no delimiter can be mistaken for data. In a text-only representation the delimiters share the character set with the data, so the data has to be encoded.
The different encodings that exist (percent-encoding with %20, form encoding with +, base64, ...).
Check how the .NET libraries handle it.
Look at Java, PHP and others.
Find the relevant RFCs (RFC 3986 for URI syntax; the "+ means space" rule comes from HTML form encoding, application/x-www-form-urlencoded, not from the URI RFC).
Problem with + versus space versus %20: form encoding writes a space as +, so a literal + must become %2B; in a path, + is just a plus and a space is %20. Encoding with one rule and decoding with the other silently corrupts the data.
Explain base64 (and why its standard alphabet, with +, / and =, collides with querystring syntax).
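The notes above (structure vs. content, + vs. %20, base64 in a querystring) as a worked example. This is added code for these notes, not code from the original post; it uses only the Python standard library, and the token bytes are constructed so that standard base64 emits both + and /.

```python
"""Querystring structure vs. content, and the '+' / '%20' / base64 pitfalls.

Added example for these notes (not code from the original post); standard
library only.  The token bytes passed in at the bottom are constructed so
that the standard base64 alphabet emits '+' and '/'.
"""
import base64
from urllib.parse import parse_qs, quote, quote_plus, unquote, unquote_plus, urlencode


def build_query(params: dict) -> str:
    """Serialize field -> value into a querystring.

    '&' and '=' carry the structure, so every name and value is encoded
    BEFORE the pieces are joined: a literal '&' or '=' inside a value can
    then never create or split a field.  urlencode() applies the form
    rules (quote_plus): space -> '+', literal '+' -> '%2B', '/' -> '%2F'.
    """
    return urlencode(params)


def parse_query(qs: str) -> dict:
    """Parse a querystring back into field -> [values].

    Splitting on '&' and then on the first '=' happens on the still-encoded
    text; only afterwards is each piece decoded ('+' -> space, %XX -> byte).
    """
    return parse_qs(qs, keep_blank_values=True)


def space_encodings(text: str) -> dict:
    """The two legal spellings of a space, and what each decoder does with '+'."""
    form = quote_plus(text)
    return {
        "path_style": quote(text),        # RFC 3986 rules: space -> %20, '+' stays a plus
        "form_style": form,               # form rules: space -> '+'
        "unquote(form_style)": unquote(form),            # wrong decoder: '+' survives as a plus
        "unquote_plus(form_style)": unquote_plus(form),  # matching decoder: round-trips
    }


def naive_token_query(token: str) -> str:
    """The mistake: glue a token into the querystring without encoding it."""
    return "token=" + token


def base64_in_query(raw: bytes) -> dict:
    """Standard base64 uses '+', '/' and '='.  A form parser turns '+' into a
    space, so an unencoded token comes back corrupted.  Two fixes: percent-
    encode the token like any other value, or use the URL-safe alphabet
    ('-' and '_').  Trailing '=' padding survives only because parsers split
    on the first '='; strip it or encode it rather than relying on that.
    """
    std = base64.b64encode(raw).decode("ascii")
    urlsafe = base64.urlsafe_b64encode(raw).decode("ascii")
    naive = parse_query(naive_token_query(std))["token"][0]
    encoded = parse_query(build_query({"token": std}))["token"][0]
    return {
        "std": std,
        "naive_round_trip": naive,
        "naive_ok": naive == std,
        "percent_encoded_ok": encoded == std,
        "urlsafe": urlsafe,
        "urlsafe_ok": parse_query(naive_token_query(urlsafe))["token"][0] == urlsafe,
    }


if __name__ == "__main__":
    print(build_query({"q": "a b", "sig": "x+y&z=1"}))
    print(parse_query("q=a+b&sig=x%2By%26z%3D1"))
    print(space_encodings("a b"))
    print(base64_in_query(b"\xfb\xff\xbf\x01\x02\x03"))  # constructed bytes, see docstring
```

The point of `space_encodings` is that `quote` and `quote_plus` are both correct, for different contexts: a path segment uses the first, a form field the second, and the decoder has to match. `base64_in_query` shows the same mismatch from the other side: a token that was never encoded for the querystring context is decoded by it anyway.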
The same problem occurs in XML (&, <), in programming-language string literals (quotes, backslashes) and in the shell (spaces, quotes, $).
An IDE could help with string formatting and escaping. (An extension of this idea: the whole programming language is abstracted in the IDE view but stored as XML in the backend: http://developers.slashdot.org/article.pl?sid=05/01/18/2157249 )
JavaScript/ASP/PHP/JSP: escaping within escaping (a value inside a JavaScript string inside an HTML attribute inside a page generated by server code; each layer has its own rules, and they have to be applied from the innermost context outward).
The advanced version of this is serialization and XML.
Binary structures are easy to parse (length-prefixed fields, no ambiguity) but not human readable. Text structures are readable but require escaping, because delimiters and data share one alphabet.
Not escaping, or escaping for the wrong context, leads to security holes (XSS, SQL injection, ...).
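The "escaping within escaping" and "not escaping leads to XSS / SQL injection" notes as one worked example. This is added code for these notes, not code from the original post; it uses only the Python standard library. The request, the page template and the users table are all constructed: one attacker-controlled querystring value is reflected into HTML text, a URL inside an attribute, a JavaScript string inside an event-handler attribute, and a SQL query, and the safe versions escape for each context from the innermost format outward (or, for SQL, bind a parameter instead of escaping at all).

```python
"""Escaping within escaping: one querystring value lands in several contexts.

Added example for these notes (not code from the original post); standard
library only.  QUERY, the templates and the users table are constructed.
"""
import html
import json
import sqlite3
from urllib.parse import parse_qs, quote

# Constructed request: the value is <b>O'Neil</b><script>alert(1)</script>, percent-encoded.
QUERY = "name=%3Cb%3EO%27Neil%3C%2Fb%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def get_param(qs: str, key: str) -> str:
    return parse_qs(qs).get(key, [""])[0]


def render_unsafe(name: str) -> str:
    """Concatenation: the raw value reaches every context and redefines the markup."""
    return (f"<p>Hello {name}</p>"
            f'<a href="/profile?name={name}" onclick="track(\'{name}\')">me</a>')


def js_string(value: str) -> str:
    """A JavaScript string literal.  json.dumps handles quotes and backslashes;
    '<', '>' and '&' are additionally written as \\uXXXX so the same literal
    also survives inside a <script> block, where '</script' would end it."""
    return (json.dumps(value)
            .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))


def render_safe(name: str) -> str:
    """Escape for each context, innermost first, then the context that wraps it."""
    text = html.escape(name)                                      # HTML text node
    href = html.escape("/profile?name=" + quote(name, safe=""))   # URL value, then attribute
    handler = html.escape("track(" + js_string(name) + ")")       # JS literal, then attribute
    return (f"<p>Hello {text}</p>"
            f'<a href="{href}" onclick="{handler}">me</a>')


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "O'Neil"), (2, "alice")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """SQL built by concatenation: the value becomes part of the statement's
    structure.  A plain apostrophe is a syntax error; a crafted value rewrites
    the WHERE clause."""
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding: the value never becomes SQL text, so there are no
    escaping rules to get wrong."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def sql_demo() -> dict:
    conn = make_db()
    try:
        lookup_unsafe(conn, "O'Neil")
        apostrophe_breaks_unsafe = False
    except sqlite3.OperationalError:
        apostrophe_breaks_unsafe = True
    return {
        "apostrophe_breaks_unsafe": apostrophe_breaks_unsafe,
        "unsafe_injection": lookup_unsafe(conn, "x' OR '1'='1"),  # every row comes back
        "safe_injection": lookup_safe(conn, "x' OR '1'='1"),      # no user has that name
        "safe_oneil": lookup_safe(conn, "O'Neil"),
    }


if __name__ == "__main__":
    name = get_param(QUERY, "name")
    print(render_unsafe(name))
    print(render_safe(name))
    print(sql_demo())
```

The order in `render_safe` is the whole point: the browser undoes the layers outside in (attribute entities first, then the URL or JavaScript inside), so the producer has to apply them inside out. Encoding once, for one context, is what the unsafe template effectively does for all three.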
Posted by Julien.