pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: Sanitizing input?
Date Sun, 09 Aug 2015 22:04:35 GMT
Do you mean strategies to avoid this
https://xkcd.com/327/
, but in PDF?

No need, the strings you pass are escaped when the PDF is created. Of 
course you still need some strategies to avoid people to enter "12345" 
for a name, checking on the length, etc.

Tilman

Am 09.08.2015 um 23:10 schrieb Stuart Small:
> I am putting together a system that automatically generates some tax forms
> off of user input.  The original PDFs are provided by the IRS, I will just
> be plugging user input into relevant fields.
>
> PDF is a large file format that I don't fully understand.  I've been
> surprised before by some of the things it is capable.  So that got me
> thinking, is there any sanitation I need to perform to the user input
> before generating the PDF?  Or any special cases I should keep in mind when
> filling in forms with arbitrary strings from an untrusted source.
>
> Thanks in advance!
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message