A little while ago, I wrote about a few bugs that I encountered due to special characters.
I ran into another related bug that is specifically related to the format of my blog URLs.
Culprit 4 – –
Yes, the little dash that I use in the headers of many of my posts causes problems in some applications.
The solution is for me to simply edit the automatically generated URL to remove the dash. However, I wish that I knew about that earlier.
Special Characters and Cross-site Scripting (XSS)
As part of my ongoing education related to Web Application Security, I’ve learned that this special character, as well as several others, is disallowed in many web applications because of the risk of Cross-site Scripting attacks. I’ll write more about Cross-site Scripting attacks and how to test for them in a future post. (I have to finish the WebGoat lesson first.)