Canonicalize

Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form. This is important, because attackers frequently use encoding to change their input in a way that will bypass validation filters, but still be interpreted properly by the target of the attack. Note that data encoded more than once is not something that a normal user would generate and should be regarded as an attack.

Returns: string

Usage

Canonicalize( input, restrictMultiple, restrictMixed )

Arguments

Argument           Description
input              (string, required) The input string to canonicalize.
restrictMultiple   (boolean, required) true if checking for multiple encoding is desired, false otherwise.
restrictMixed      (boolean, required) true if checking for mixed encoding is desired, false otherwise.

Examples

<cfscript>
plain = "<";
// the same character hidden behind single, double and mixed (percent + HTML entity) encoding
plain_bad = "%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B";

// a plain string comes back unchanged
dump(Canonicalize(plain, true, true));

// checking for malicious string: with restrictMultiple and restrictMixed set to true,
// Canonicalize raises an exception instead of returning the decoded value
try {
   dump(Canonicalize(plain_bad, true, true));
} catch (Any e) {
   dump(var = e.message, label = "exception message");
}
</cfscript>
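As an added illustration (not code from the ColdFusion documentation or from ESAPI itself), the Python model below reproduces the decode loop behind Canonicalize: each codec strips one encoding layer per pass until the string stops changing, and the counters behind restrictMultiple and restrictMixed are the number of decoding passes and the number of codec switches. The two-codec set, the IntrusionError class and the classify helper are assumptions of this model; PLAIN_BAD is the page's own sample string.

```python
import html
from urllib.parse import unquote

# The page's plain_bad sample: single, double and mixed encodings of "<".
PLAIN_BAD = "%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B"


class IntrusionError(ValueError):
    """Raised when the restrictMultiple / restrictMixed checks fail (assumed name)."""


# Codec order mirrors ESAPI's default encoder: HTML entities first, then percent-encoding.
CODECS = (("html", html.unescape), ("percent", unquote))


def canonicalize(value, restrict_multiple=True, restrict_mixed=True):
    """Strip encoding layers until the string stops changing, counting how it was encoded."""
    working = value
    codec_found = None   # codec that performed the most recent successful decode
    mixed_count = 1      # grows each time a different codec than the last one decodes
    found_count = 0      # number of passes in which at least one codec decoded something
    clean = False
    while not clean:
        clean = True
        for name, decode in CODECS:
            old = working
            working = decode(working)
            if working != old:
                if codec_found is not None and codec_found != name:
                    mixed_count += 1
                codec_found = name
                if clean:            # first decode in this pass: one more encoding layer
                    found_count += 1
                clean = False
    multiple, mixed = found_count >= 2, mixed_count > 1
    if multiple and mixed and (restrict_multiple or restrict_mixed):
        raise IntrusionError(f"multiple ({found_count}) and mixed ({mixed_count}) encoding detected")
    if multiple and restrict_multiple:
        raise IntrusionError(f"multiple ({found_count}) encoding detected")
    if mixed and restrict_mixed:
        raise IntrusionError(f"mixed ({mixed_count}) encoding detected")
    return working


def classify(value, restrict_multiple=True, restrict_mixed=True):
    """Return ('ok', canonical_form) or ('intrusion', reason) for one input."""
    try:
        return "ok", canonicalize(value, restrict_multiple, restrict_mixed)
    except IntrusionError as exc:
        return "intrusion", str(exc)


if __name__ == "__main__":
    for sample in ("&lt;", "%3C", "&#x26;lt;", "%26lt;", PLAIN_BAD):   # constructed inputs
        print(repr(sample), "->", classify(sample))
```

With both flags false the function only decodes: the page's sample collapses to five "<" characters, which is exactly why the checks exist.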