r4 - 2009-02-23 - 06:12:52 - TWikiContributorYou are here: NTP > 
TWiki Web > TWikiVariables > VarENCODE
TWiki Web > TWikiVariables > VarENCODENTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p13was released on 07 March 2019. It addresses 1 medium-severity security issue in ntpd, and provides 17 non-security bugfixes and 1 other improvements over 4.2.8p12.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
ENCODE{"string"} -- encodes a string to HTML entities
- Encode "special" characters to HTML numeric entities. Encoded characters are:
- all non-printable ASCII characters below space, except newline (
"\n") and linefeed ("\r") - HTML special characters
"<",">","&", single quote (') and double quote (") - TWiki special characters
"%","[","]","@","_","*","="and"|"
- all non-printable ASCII characters below space, except newline (
- Syntax:
%ENCODE{"string"}% - Supported parameters:
Parameter: Description: Default: "string"String to encode required (can be empty) type="safe"Encode special characters into HTML entities to avoid XSS exploits: "<",">","%", single quote (') and double quote (")type="url"type="entity"Encode special characters into HTML entities, like a double quote into ". Does not encode\nor\r.type="url"type="html"As type="entity"except it also encodes\nand\rtype="url"type="quotes"Escape double quotes with backslashes ( \"), does not change other characterstype="url"type="url"Encode special characters for URL parameter use, like a double quote into %22(this is the default) - Example:
%ENCODE{"spaced name"}%expands tospaced%20name -
Notes: - Values of HTML input fields must be entity encoded.
Example:<input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" /> - Double quotes in strings must be escaped when passed into other TWiki variables.
Example:%SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }% - Use
type="entity"ortype="safe"to protect user input from URL parameters and external sources against cross-site scripting (XSS).type="entity"is more aggressive, but some TWiki applications might not work.type="safe"provides a safe middle ground.
- Values of HTML input fields must be entity encoded.
- Related: URLPARAM
TWiki Web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarENCODE