A dev’s guide to safely escaping and encoding URLs

A lot of the support work that we do here at Anchor involves looking at websites. You could say that we’ve seen a few websites in our time. Something we come across pretty frequently is inadequate protection when it comes to handling user-submitted form data and URLs. This might not seem like a big deal, but it has some pretty big security implications, mostly relating to cross-site scripting. These problems can enable malicious activity like leaking of private data. The short version is that user-supplied data can never be trusted, and you need to carefully escape and format the data to make it safe for the intended use, such as printing it on a webpage.

A very simple example

Let’s say you run a site that accepts news tips from…

Draft RFC for new 7xx HTTP status codes

It’s come to our attention that a proposal for additional status codes has been released: “RFC for the 7XX Range of HTTP Status codes – Developer Errors”. We’re most in favour of the 73x series; I reckon one of the guys here could hack up a filter in perl to convert those pesky 500 errors from Rails into something a little more meaningful.
