Canonicalize

Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form.

This is important, because attackers frequently use encoding to change their input in a way that will bypass validation filters, but still be interpreted properly by the target of the attack.

Note that data encoded more than once is not something that a normal user would generate and should be regarded as an attack.

Canonicalize( input, restrictMultiple, restrictMixed )

Returns: String

Arguments

input (string, required)
    The input string to canonicalize.
    Alias: inputString

restrictMultiple (boolean, required)
    true if checking for multiple encoding is desired, false otherwise.
    Alias: multiple

restrictMixed (boolean, required)
    true if checking for mixed encoding is desired, false otherwise.
    Alias: mixed

Examples

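// a single value with no multiple or mixed encoding
plain = "<";
// the same character wrapped in several layers of URL and HTML entity encoding
plain_bad = "%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B";
dump(Canonicalize(plain,true,true));
// checking for malicious string: with both restrictions enabled,
// the call throws instead of returning a decoded string
try {
   dump(Canonicalize(plain_bad,true,true));
} catch (Any e) {
   dump(var = e.LogMessage, label = "exception message");
}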
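How the multiple and mixed checks behind restrictMultiple and restrictMixed can work, as an added Python sketch (not code from this page or from the function's implementation). It assumes only two decoders, URL percent-encoding and HTML entities; the names EncodingViolation and classify are hypothetical.

```python
import html
from urllib.parse import unquote

# Assumption: only two decoders are modelled; a real canonicalizer knows more.
CODECS = {"percent": unquote, "html-entity": html.unescape}


class EncodingViolation(ValueError):
    """Hypothetical exception for input rejected as multiply or mixed encoded."""


def canonicalize(data, restrict_multiple=True, restrict_mixed=True):
    """Decode until stable; reject multiple or mixed encoding when restricted."""
    working, passes, codecs_seen = data, 0, set()
    while True:
        changed = False
        for name, decode in CODECS.items():
            decoded = decode(working)
            if decoded != working:          # this codec found something to decode
                codecs_seen.add(name)
                working, changed = decoded, True
        if not changed:
            break                           # stable: simplest form reached
        passes += 1
    if restrict_multiple and passes > 1:
        raise EncodingViolation(f"multiple encoding ({passes} passes)")
    if restrict_mixed and len(codecs_seen) > 1:
        raise EncodingViolation(f"mixed encoding ({sorted(codecs_seen)})")
    return working


def classify(data):
    """Return 'ok' or the rejection reason for strict canonicalization."""
    try:
        canonicalize(data)
        return "ok"
    except EncodingViolation as exc:
        return str(exc).split(" (")[0]


if __name__ == "__main__":
    # Constructed samples; the last one is the page's own plain_bad value.
    for sample in ["&lt;", "%3Cb%3E", "%253C", "%26lt;",
                   "%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B"]:
        print(f"{sample!r:60} -> {classify(sample)}")
```

Validation filters belong after this step, applied to the returned string rather than to the raw input.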
