WebApp Sec mailing list archives

Re: Re: Canonicalization


From: Peter Conrad <conrad () tivano de>
Date: Tue, 18 Apr 2006 09:06:15 +0200

Hi,

On Thu, Apr 13, 2006 at 09:24:12PM +0200, Mariusz P?kala wrote:

> Canonicalization would be, for example, ensuring that &#039; is changed
> to single quote, or removing backslashes from places where they are not
> needed - <f\ont> => <font>

It should be noted that these examples are heavily dependent on context.
Canonicalization can only make sense if there is a clear definition of
what the canonical form is.

The Wikipedia article is a little clearer in that regard.

See http://en.wikipedia.org/wiki/Canonicalization

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany
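
The context dependence discussed in this message, as an added example that is not part of the original post: each context names its own canonical form, and two inputs are compared only after both are reduced to it. The context names, the `MAX_ROUNDS` limit and the backslash rule are assumptions made for illustration.

```python
import html
import re

MAX_ROUNDS = 4  # assumed limit on nested encoding layers


def _to_fixed_point(step, value):
    """Apply one decoding step until the value stops changing."""
    for _ in range(MAX_ROUNDS):
        decoded = step(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def _strip_redundant_backslashes(value):
    # Assumed rule for this hypothetical context: a backslash before a
    # letter carries no meaning, so "f\ont" and "font" name the same thing.
    return re.sub(r"\\([A-Za-z])", r"\1", value)


# Each context defines its own canonical form; there is no global one.
CANONICALIZERS = {
    # HTML text: character references are decoded, so &#039; becomes '.
    "html_text": lambda v: _to_fixed_point(html.unescape, v),
    # Hypothetical context in which backslashes before letters are ignored.
    "backslash_name": lambda v: _to_fixed_point(_strip_redundant_backslashes, v),
    # Opaque data: compared exactly as received, nothing is decoded.
    "opaque": lambda v: v,
}


def canonicalize(value, context):
    """Reduce value to the canonical form defined for the given context."""
    if context not in CANONICALIZERS:
        raise ValueError(f"no canonical form defined for context {context!r}")
    return CANONICALIZERS[context](value)


def equivalent(a, b, context):
    """Two inputs are equivalent only relative to a context's canonical form."""
    return canonicalize(a, context) == canonicalize(b, context)
```

Validation and comparison should run on the output of `canonicalize`, and a context without a defined canonical form is rejected rather than guessed at.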
