sfvisser 3 days ago | on: setBigTimeout
Don’t ever use attacker-controlled data directly in your source code without validation. Don’t blame setTimeout for this, it’s impolite!
n2d4 3 days ago
The problem is the validation. You'd expect you just have to validate a lower bound, but you also have to validate an upper bound.
leptons 3 days ago
It's user input, you have to validate all the bounds, and filter out whatever else might cause problems. Not doing so is a problem with the programmer, not setTimeout.
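An added example, not part of the thread or any commenter's code: one way to check both the lower and the upper bound discussed above before an untrusted value reaches setTimeout. It relies on setTimeout keeping the delay as a signed 32-bit millisecond count, so the hard ceiling is 2^31 - 1 (about 24.8 days); `parseDelay` and `safeSetTimeout` are hypothetical helper names and the sample inputs are constructed.

```javascript
// Largest delay setTimeout can represent: signed 32-bit milliseconds.
const MAX_TIMEOUT_MS = 2 ** 31 - 1; // 2147483647

// Hypothetical helper: turn untrusted input into a delay or a rejection reason.
function parseDelay(raw, { min = 0, max = MAX_TIMEOUT_MS } = {}) {
  // An application limit can tighten the range but never widen it.
  const floor = Math.max(min, 0);
  const ceiling = Math.min(max, MAX_TIMEOUT_MS);
  let n;
  if (typeof raw === "number") {
    n = raw;
  } else if (typeof raw === "string" && /^[0-9]{1,10}$/.test(raw)) {
    // Plain decimal digits only: rejects "1e12", "0x10", " 5", "-1" and "".
    n = Number(raw);
  } else {
    return { ok: false, reason: "not a plain non-negative integer" };
  }
  // Catches NaN, Infinity and fractional numbers passed in directly.
  if (!Number.isInteger(n)) return { ok: false, reason: "not an integer" };
  if (n < floor) return { ok: false, reason: "below lower bound" };
  if (n > ceiling) return { ok: false, reason: "above upper bound" };
  return { ok: true, value: n };
}

// Hypothetical wrapper: refuse to schedule anything that failed validation.
function safeSetTimeout(fn, rawDelay, bounds) {
  const r = parseDelay(rawDelay, bounds);
  if (!r.ok) throw new RangeError(`rejected delay: ${r.reason}`);
  return setTimeout(fn, r.value);
}

// Constructed sample inputs, as they might arrive from a request parameter.
const samples = ["1500", "2147483647", "2147483648", "-1", "1e12", 2 ** 31, NaN];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(parseDelay(s)));
}
```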