
Script function to strip all occurrences of script functions within a string.
Closed, Resolved, Public

Description

Much like how in PHP with SQL, you have functions that can be used to safeguard your code from SQL injection, I believe it'd be useful to have a similar method available in SQF.

This way, data validation from publicVariable messages etc. doesn't need to be so extensive to protect from script injection.

Yes, you can make your own SQF function that does this, sure, but an engine method would be MANY times faster, and would scale with future improvements, as the source for these script function names could be dynamically sourced etc.

As said above, there's no REAL need for such a function, as you can plug this hole with your own implementation of the function, or with data validation, but the simplicity of having a function that dictionary tests each word within a string would greatly cut down on the need to manually validate data entry.
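
The word-by-word dictionary test requested above can be sketched in SQF itself. This is an added example, not part of the ticket or the engine; it assumes Arma 3 SQF syntax (`params`, `private` assignment), and `EX_commandDictionary` and `EX_fnc_stripCommands` are hypothetical names with a constructed sample word list.

```sqf
// Added example; EX_* names are hypothetical and not engine functions.
// Constructed sample dictionary, lower case. A full list could be built
// from the engine's own command listing (supportInfo).
EX_commandDictionary = ["call", "compile", "spawn", "exec", "execvm", "publicvariable", "setdamage"];

// Returns the input string with every identifier-like word removed
// when its lower-case form appears in EX_commandDictionary.
EX_fnc_stripCommands = {
    params [["_input", "", [""]]];
    private _out = [];   // code points that are kept
    private _word = [];  // code points of the word currently being read

    // Emit the buffered word unless it is a dictionary entry, then reset it.
    private _flush = {
        if (count _word > 0) then {
            if !(toLower (toString _word) in EX_commandDictionary) then {
                _out append _word;
            };
            _word = [];
        };
    };

    {
        // Word characters: 0-9, A-Z, a-z and underscore.
        private _isWordChar = ((_x >= 48) && (_x <= 57))
            || ((_x >= 65) && (_x <= 90))
            || ((_x >= 97) && (_x <= 122))
            || (_x == 95);
        if (_isWordChar) then {
            _word pushBack _x;
        } else {
            call _flush;        // a separator ends the current word
            _out pushBack _x;   // separators are always kept
        };
    } forEach (toArray _input);
    call _flush;                // handle a word at the end of the string

    toString _out
};

// Constructed sample input, as it might arrive in a publicVariable payload.
private _clean = ["player setDamage 1; hint 'hi'"] call EX_fnc_stripCommands;
```

Whole words are compared, so a name such as `recall` is left alone while `CALL` in any letter case is removed. The filter only narrows what a string can do if it later reaches `compile` or `call`; type and range checks on the received value still apply.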

Details

Legacy ID: 833292907
Severity: Feature
Resolution: Open
Reproducibility: Have Not Tried
Category: Scripting

Event Timeline

Radioman edited Steps To Reproduce. (Mar 31 2013, 1:59 AM)
Radioman edited Additional Information.
Radioman set Category to Scripting.
Radioman set Reproducibility to Have Not Tried.
Radioman set Severity to Feature.
Radioman set Resolution to Open.
Radioman set Legacy ID to 833292907. (May 7 2016, 1:19 PM)
MadDogX added a subscriber: MadDogX. (May 7 2016, 1:19 PM)

Mass closing ancient tickets with no activity for > 12 months; assume fixed or too trivial.

If this issue is still relevant in current dev build, please re-post.