NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
"\n"
) and linefeed ("\r"
)
"<"
, ">"
, "&"
, single quote ('
) and double quote ("
)
"%"
, "["
, "]"
, "@"
, "_"
, "*"
, "="
and "|"
%ENCODE{"string"}%
Parameter: | Description: | Default: |
---|---|---|
"string" | String to encode | required (can be empty) |
type="safe" | Encode special characters into HTML entities to avoid XSS exploits: "<" , ">" , "%" , single quote (' ) and double quote (" ) | type="url" |
type="entity" | Encode special characters into HTML entities, like a double quote into " . Does not encode \n or \r . | type="url" |
type="html" | As type="entity" except it also encodes \n and \r | type="url" |
type="quotes" | Escape double quotes with backslashes (\" ), does not change other characters | type="url" |
type="url" | Encode special characters for URL parameter use, like a double quote into %22 | (this is the default) |
%ENCODE{"spaced name"}%
expands to spaced%20name
<input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
%SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%
type="entity"
or type="safe"
to protect user input from URL parameters and external sources against cross-site scripting (XSS). type="entity"
is more aggressive, but some TWiki applications might not work. type="safe"
provides a safe middle ground.