Do you mean strategies to avoid this https://xkcd.com/327/, but in PDF?

No need, the strings you pass are escaped when the PDF is created. Of course you still need some strategies to keep people from entering "12345" for a name, checking on the length, etc.

Tilman

On 09.08.2015 at 23:10, Stuart Small wrote:
I am putting together a system that automatically generates some tax forms
off of user input.  The original PDFs are provided by the IRS, I will just
be plugging user input into relevant fields.

PDF is a large file format that I don't fully understand.  I've been
surprised before by some of the things it is capable of.  So that got me
thinking, is there any sanitation I need to perform to the user input
before generating the PDF?  Or any special cases I should keep in mind when
filling in forms with arbitrary strings from an untrusted source.

Thanks in advance!
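
Added example, not part of the original thread and not PDFBox's own code: a sketch of the escaping a PDF writer applies when it serializes a literal string (backslash and parentheses, per the PDF specification), next to the kind of application-level check the reply mentions. The length limit, the allowed punctuation and the function names are assumptions made for illustration.

```python
import unicodedata

MAX_NAME_LEN = 35            # assumed field limit, not taken from any IRS form
NAME_PUNCT = " .'-"          # assumed punctuation allowed in a name

def pdf_literal_string(text: str) -> bytes:
    """Serialize text as a PDF literal string: ( ... ) with \\, ( and ) escaped."""
    try:
        raw = text.encode("ascii")
    except UnicodeEncodeError:
        # Non-ASCII text strings are written as UTF-16BE with a byte order mark.
        raw = b"\xfe\xff" + text.encode("utf-16-be")
    out = bytearray(b"(")
    for byte in raw:
        if byte in b"\\()":          # would otherwise end or corrupt the string
            out += b"\\" + bytes([byte])
        elif byte == 0x0D:
            out += b"\\r"
        elif byte == 0x0A:
            out += b"\\n"
        else:
            out.append(byte)
    out += b")"
    return bytes(out)

def validate_name(value: str) -> str:
    """Application-level check: escaping keeps the PDF well-formed, not the data sensible."""
    value = unicodedata.normalize("NFC", value).strip()
    if not value or len(value) > MAX_NAME_LEN:
        raise ValueError("name is empty or too long")
    if not all(ch.isalpha() or ch in NAME_PUNCT for ch in value):
        raise ValueError("name contains unexpected characters")
    return value

if __name__ == "__main__":
    # Constructed sample inputs.
    print(pdf_literal_string("Apt (4) \\ rear"))
    print(validate_name("  O'Brien-Smith "))
    for bad in ("12345", "x" * 200):
        try:
            validate_name(bad)
        except ValueError as err:
            print("rejected:", err)
```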


