Hi,
Can I print untrusted strings to the server log? Or should I be worried about log injection?
Thank you!
Hi,
Can I print untrusted strings to the server log? Or should I be worried about log injection?
Thank you!
I would suggest not doing it. We do only serve log files as text/plain, so it should be safe, but you can view them in a brwoser so it could be combined with another trick to cause something malicious to happen.
Ok. Makes sense! Thanks.