commit 90f2d148d64341ec6d13ad82068f38a968565a99
parent c99a5ad4ebe69b6c23e01d19fd704f2e3badbc41
Author: Michael Savage <mikejsavage@gmail.com>
Date: Mon, 16 Feb 2015 21:19:32 +0000
Words
Diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
@@ -45,8 +45,9 @@ Security concerns
Generated keys and ciphertexts will use the full range of ASCII values.
They should be handled with care - displaying them as-is can introduce
subtle flaws. For example, keys and ciphertexts can contain quotes,
-which makes them unsafe to insert into SQL queries<sup>1</sup>, HTML and
-JSON. If in doubt, base64/hex encode them.
+which makes them unsafe to insert into SQL queries<sup>1</sup>. If in
+doubt, base64/hex encode them. I may change my mind and encode by
+default in future (major) releases.
[sql]: http://dc406.com/home/393-sql-injection-with-raw-md5-hashes.html
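Review bot: The rewritten sentence at `+which makes them unsafe to insert into SQL queries<sup>1</sup>. If in` drops HTML and JSON from the warning, but the unchanged context above it still says keys and ciphertexts use the full range of ASCII values and can contain quotes. That is the same property that breaks HTML attribute and JSON string contexts. Consider keeping both contexts in the list, or adding a sentence on why they no longer apply. The added "I may change my mind and encode by default in future (major) releases" would also be clearer if it said outright that output is not encoded today, so readers know encoding is currently their responsibility.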