52
Secure Development for Mobile Apps
Misunderstanding these results affects both the preservation of user data and the
security of your application. A developer needs to be aware of how data must flow
into and out of these transitions without being destroyed or opening a security
hole.
Only One Output Context Anti-Pattern
<?php
echo '<tr>';
foreach ($row as $key => $value) {
    echo '<td>', $value, '</td>'; // $value is written raw; it could be a hyperlink, not plain text
}
echo '</tr>';
It is common to treat all output the same. This is no longer an acceptable practice. In the
case above, the assumption is that the output is HTML, when it could have other con-
texts, such as a hyperlink whose URL parameters need to be escaped. Every effort needs to
be made to be aware of the output con ...
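The hardened counterpart to the snippet above, as an added example that is not code from the book: each cell declares its output context, and the renderer applies the encoding that context requires. A plain value is HTML-escaped; a link value is first percent-encoded as URL parameters and then HTML-escaped again because the finished URL lands inside an attribute. The function names (html_text, safe_link, render_cell, render_row), the 'text' and 'link' context labels and the sample row are this example's own assumptions.

```php
<?php
// Added example (not the book's code): context-aware output encoding.
// Each cell carries a 'context' key so the renderer knows which escaping applies.

function html_text(string $s): string {
    // HTML body and attribute-value context: escape &, <, >, " and '.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function safe_link(string $base, array $params, string $label): string {
    // Only http(s) bases become real links; anything else is neutralised to '#'.
    if (!preg_match('#^https?://#i', $base)) {
        $base = '#';
    }
    // URL context first: every parameter is percent-encoded (RFC 3986).
    $query = empty($params) ? '' : '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $url = $base . $query;
    // The URL then sits inside an href attribute, so it is HTML-escaped as well;
    // the visible label is ordinary HTML text.
    return '<a href="' . html_text($url) . '">' . html_text($label) . '</a>';
}

function render_cell(array $cell): string {
    switch ($cell['context']) {
        case 'link':
            return '<td>' . safe_link($cell['base'], $cell['params'], $cell['label']) . '</td>';
        case 'text':
        default:
            // Unknown contexts fall back to the strictest common case: HTML text.
            return '<td>' . html_text($cell['value']) . '</td>';
    }
}

function render_row(array $cells): string {
    $out = '<tr>';
    foreach ($cells as $cell) {
        $out .= render_cell($cell);
    }
    return $out . '</tr>';
}

// Constructed sample row: one plain value and one link whose parameter contains
// characters that are significant in both the URL and the HTML context.
$row = [
    ['context' => 'text', 'value' => 'Tom & Jerry <3'],
    ['context' => 'link', 'base' => 'https://example.com/search',
     'params' => ['q' => 'a&b=c <x>'], 'label' => 'Search "a&b"'],
];
echo render_row($row), "\n";
```

Run with `php render_row.php` (any file name). The plain cell comes out as `Tom &amp; Jerry &lt;3`, while the link cell's parameter is emitted as `q=a%26b%3Dc%20%3Cx%3E`: the `&`, `=`, space and angle brackets are encoded for the URL, so they cannot split the query string or close the attribute, and the label is escaped separately as HTML text. Contrast this with the anti-pattern, where the same `$value` would be echoed unchanged regardless of whether it was text or a URL.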