最大的问题是如何明确地指出在字符串中哪些是合法的。
The biggest problem is figuring out exactly what should be legal in the string.
同样,对于字符串您也要确定哪些是合法的,并拒绝所有其他的字符串。
Again, with strings you need to identify what is legal, and reject any other string.
此外,现在还有第二项检查,目的是让证书标识匹配某个字符串,管理员已将该字符串设计为过滤出除已知合法用户之外的所有用户。
In addition, there is now a second check so that the identity of the certificate matches some string that the administrator has designed to filter out all but a known set of legitimate users.
不是每一个字符串都是合法的rexx符号——为限制程序库中的关键字——但是相对于大部分语言,Rexx在符号命名方面非常自由。
Not every string is a valid Rexx symbol — which restricts the keys in the dictionary — but Rexx is pretty liberal about its symbol names, compared to most languages. E.g.
对也是合法数字且没有为xsl:sort指定数据类型的字符串排序。
Sorting strings that are also valid numbers, where no data-type is specified for xsl:sort.
如果指针是合法的,在这个字符串起始的前面4个字节中有这个字符串的长度。
If the pointer is valid the length of the string is found at the 4 bytes preceding the start of the string.
因此,任何用来进行文件系统操作的字符串都应该进行正确的合法性验证。这里给出一个相对上一个例子较好的例子。
Therefore, any tainted string that is used in a filesystem operation should always be validated properly. Here is a better version of the previous example.
字符串中在合法数字后可以包含额外的非法字符,对于这些字符只需丢弃即可。
The string can contain additional characters after those that form the integral number, which are ignored and have no effect on the behavior of this function.