Character Limitations
The following characters are banned to avoid XSS attacks and SQL injection (note that some sets overlap):
Character Set | Reason |
< > | Not allowed in XSS compatible strings |
' " \n \r \ ; & | ! \0 % ` < > ? $ ~ | Not allowed in strings that may be used in db queries |
" \n \r \ ; & | ! \0 % ` < > ? $ ~ | Not allowed in strings that may be used in db queries, assuming single quote is escaped |
\0 \n \r / \\ ? % $ * : ; | \" \' ` < > | Not allowed in filenames |
', \" \\ + < > ; = # <space> | Characters that are allowed to be escaped in strings, as listed in RFC 2253, section 2.4. We also allow '=' to be escaped. |
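
The four banned sets above, checked per context, as an added example (not the project's own code). The names `BANNED`, `banned_chars` and `rejecting_contexts` are hypothetical, the sample strings are constructed, and `\n`, `\r` and `\0` are assumed to mean LF, CR and NUL; the RFC 2253 row lists escapable rather than banned characters and is left out.

```python
# Added example: banned sets transcribed from the table above.
# Assumption: \n, \r and \0 in the table mean LF, CR and NUL.
BANNED = {
    "xss": set("<>"),
    "db": set("'\"\n\r\\;&|!\0%`<>?$~"),
    # Same as "db" but without the single quote, which is assumed escaped.
    "db_quote_escaped": set("\"\n\r\\;&|!\0%`<>?$~"),
    "filename": set("\0\n\r/\\?%$*:;|\"'`<>"),
}


def banned_chars(value, context):
    """Return (index, char) for every character of `value` banned in `context`."""
    banned = BANNED[context]
    return [(i, ch) for i, ch in enumerate(value) if ch in banned]


def rejecting_contexts(value):
    """Return the sorted names of every context whose set rejects `value`."""
    return sorted(ctx for ctx in BANNED if banned_chars(value, ctx))


if __name__ == "__main__":
    # Constructed sample inputs showing where the sets overlap and differ.
    for sample in ["O'Brien", "reports/2024.txt", "<b>x</b>", "plain-name_01"]:
        hits = rejecting_contexts(sample)
        print(repr(sample), "->", hits or "accepted in every context")
```

A value that passes one context can still fail another, so the check has to be run for the context in which the string will actually be used.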