If you eat it like that, you may get hurt immediately, by its beak, or its claws. It may grab your money and run off with it.
If you want to eat it, better to kill it first.
If you eat it like that, you may get hurt or die, in a few hours, or days. Washing it won't help.
Cook it. Cook it well. If there's any sign of pink, cook it some more.
It might still kill you, but at least you're a lot safer than when you started.
If you display it, users will get hurt immediately, whether by cross-site scripting, cookie sniffing, cryptocurrency mining, or something else. If you're lucky, it will be something your users see immediately, and they will leave your site, never to return. Otherwise they may get infected.
If you want to use it, better to validate it first.
If you save it like that, your users are still vulnerable. It might appear on the front end in a different form. It might be a string of Unicode characters that crashes your phone. It might be a link to somewhere they can't trust.
Encapsulate it. Sandbox it. Never trust it, in or out. HTML-encode it, and whitelist the output as well as the input.
And if you need to avoid spam, or incitement, or solicitation, maybe you need editors. Computers can't fix all the social problems.
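One way to apply "validate it, encode it, whitelist in and out" to a comment field with an optional link, as an added example that is not code from the original post. The length limit, the link policy, the character rules and all function names are assumptions chosen for illustration.

```javascript
// Added example. The limits, link policy and function names are assumptions.
const MAX_LENGTH = 2000;                                // assumed size limit
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);   // assumed link policy
// Control characters (except tab, LF, CR) and bidi overrides/isolates.
const FORBIDDEN = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F\u202A-\u202E\u2066-\u2069]/;
const COMBINING_RUN = /\p{M}{5,}/u;                     // stacked combining marks

// Validation: reject what does not fit, rather than trying to repair it.
function validateComment(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const text = raw.normalize("NFC");
  if (text.length === 0 || text.length > MAX_LENGTH) return { ok: false, reason: "length" };
  if (FORBIDDEN.test(text)) return { ok: false, reason: "control or bidi character" };
  if (COMBINING_RUN.test(text)) return { ok: false, reason: "combining mark run" };
  return { ok: true, text };
}

// Output encoding for HTML text nodes and quoted attribute values.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Links: allowlist the scheme after parsing; anything else is dropped.
function safeHref(url) {
  try {
    const parsed = new URL(url);
    return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
  } catch {
    return null; // not an absolute URL
  }
}

// Rendering re-validates the stored value, then encodes everything it emits.
function renderComment(stored, link) {
  const checked = validateComment(stored);
  if (!checked.ok) return "<p>[comment removed]</p>";
  const href = typeof link === "string" ? safeHref(link) : null;
  const anchor = href
    ? ` <a href="${encodeHtml(href)}" rel="noopener noreferrer nofollow">link</a>`
    : "";
  return `<p>${encodeHtml(checked.text)}${anchor}</p>`;
}
```

The encoder covers HTML text and quoted attribute values only; values placed inside script, style or URL contexts need their own encoding.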