Blog of Daniel Ruf

#javascript

target="_blank" considered harmful

30.08.2020

Often links can be abused to take control of pages. This is a problem that is known for a very long time but it seems many developers are not aware of this or forgot about this.

#php

don't blindly trust FILTER_VALIDATE_URL

25.05.2020

Valid URLs can use a wide range of different protocols. This requires strict validation of user supplied URLs combined with correct checks. Too lax or wrong checks can quickly lead to vulnerabilities.