Forums

Print untrusted strings to server log

Hi,

Can I print untrusted strings to the server log? Or should I be worried about log injection?

Thank you!

Beloved premium user b7jl | 27 posts | March 15, 2019, 3:33 p.m. | permalink

I would suggest not doing it. We do only serve log files as text/plain, so it should be safe, but you can view them in a brwoser so it could be combined with another trick to cause something malicious to happen.

Staff glenn | 9718 posts | PythonAnywhere staff | March 15, 2019, 5 p.m. | permalink

Ok. Makes sense! Thanks.

Beloved premium user b7jl | 27 posts | March 15, 2019, 5:52 p.m. | permalink