The program dies at runtime if the runtime detects a misuse of tainted data. The... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jrockway on Aug 22, 2011 \| parent \| context \| favorite \| on: Making Wrong Code Look Wrong The program dies at runtime if the runtime detects a misuse of tainted data. The reality is that nobody uses taint mode, though, for whatever reason. If you look at my comment up the page, the problem that people have is not managing the safety of data, it's making sure that they present the right "view" of that data to the right component. HTML needs to be escaped, but not if it's already been escaped, and so on.

wazoox on Aug 22, 2011 | [–]

> The reality is that nobody uses taint mode, though, for whatever reason.

Uh? I do use it; it's extremely efficient. I'm probably not the only one :)

masklinn on Aug 22, 2011 | [–]

> The program dies at runtime if the runtime detects a misuse of tainted data.

Right, so it's not at compile time. Thank you.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact