When parsing and validating input, two dicta are in tension with each other.
1. Check everything for safety. Don't allow garbage in, because it can lead to who knows what out.
2. Be permissive about accepting input (but strict about producing output), because otherwise you are creating unnecessary incompatibilities.
What principle decides which rule to apply? My best guess is that (1) applies to cases where you are validating data that will be passed on elsewhere. Is there any other consideration?
I'd say that #1 applies more to the content of the input (is it really a person's name, or is it a DROP TABLE command?), while #2 applies more to the format of the input (almost-valid XML -- we know what you mean, so we'll accept it).
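As an added illustration of the content/format split in this answer (example code written here, not posted by the answerer): the name check below is lenient about format (a leading BOM, CRLF, non-breaking or repeated spaces, decomposed Unicode) but strict about content (an allow-list of letters, marks and a few name punctuation characters, plus a length bound), and it emits one canonical form. The table name, column names and sample inputs are all made up for the demo; the SQL is bound as a parameter so that even a string that survives validation stays data, not a command.

```python
import sqlite3
import unicodedata

# Added example, not from the original thread. Table and column names are hypothetical.
MAX_NAME_LEN = 100
NAME_PUNCT = set(" -'.")  # hyphen, apostrophe and period are common in real names


def normalize_format(raw: str) -> str:
    """Lenient about FORMAT: we know what the sender meant, so accept it.

    Strips a UTF-8 BOM, applies NFC so 'e' + combining acute equals 'é',
    and collapses CRLF, non-breaking spaces and runs of whitespace to one
    space. The result is the single canonical form we will ever output.
    """
    text = raw.lstrip("\ufeff")
    text = unicodedata.normalize("NFC", text)
    return " ".join(text.split())  # str.split() treats NBSP and CRLF as whitespace


def validate_name(raw: str) -> str:
    """Strict about CONTENT: is this really a person's name?

    Allow-list rather than deny-list: every character must be a letter (any
    script), a combining mark, or one of the permitted punctuation characters.
    Anything else (parentheses, semicolons, digits, control characters) is
    rejected, so "DROP TABLE" payloads never reach the database at all.
    """
    name = normalize_format(raw)
    if not name:
        raise ValueError("empty name")
    if len(name) > MAX_NAME_LEN:
        raise ValueError("name too long")
    for ch in name:
        category = unicodedata.category(ch)
        if category[0] in ("L", "M") or ch in NAME_PUNCT:
            continue
        raise ValueError(f"disallowed character {ch!r}")
    return name


def store_name(conn: sqlite3.Connection, raw: str) -> str:
    """Validate, then insert with a bound parameter (defence in depth)."""
    name = validate_name(raw)
    conn.execute("INSERT INTO people(name) VALUES (?)", (name,))
    return name


def store_unvalidated(conn: sqlite3.Connection, raw: str) -> None:
    """Shows the second layer on its own: even without validation, a bound
    parameter keeps the injection string as data. Never rely on this alone;
    it does nothing about content that is merely wrong rather than hostile."""
    conn.execute("INSERT INTO people(name) VALUES (?)", (raw,))


def count_rows(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT count(*) FROM people").fetchone()[0]


def demo() -> tuple[dict[str, str], int]:
    """Runs a few constructed inputs through store_name and reports the outcome."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people(id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    samples = [
        "\ufeff  Mary\u00a0Ann   O'Neil \r\n",   # messy format, fine content
        "Robert'); DROP TABLE people;--",        # fine format, hostile content
        "Jos\u0065\u0301 Ram\u00edrez",           # decomposed accent, fine content
    ]
    results = {}
    for raw in samples:
        try:
            results[raw] = store_name(conn, raw)
        except ValueError as exc:
            results[raw] = f"rejected: {exc}"
    # The injection string is still harmless when it is only a bound parameter.
    store_unvalidated(conn, samples[1])
    assert conn.execute(
        "SELECT name FROM sqlite_master WHERE name = 'people'"
    ).fetchone() is not None
    return results, count_rows(conn)


if __name__ == "__main__":
    for raw, outcome in demo()[0].items():
        print(f"{raw!r:45} -> {outcome!r}")
```

The two layers do different jobs: validation answers the content question ("is this a name?"), while parameter binding answers the transport question ("can this string change the query?"). Leniency lives only in normalize_format, which is why the stored and emitted value is always the same canonical NFC, single-spaced string.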
I also think that various situations in which #2 was implemented (accepting poor HTML or XML; allowing JavaScript without semicolons for line endings) have proved to be mistakes.