...
- Operating system command interpreter (see guideline IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method)
- A data repository with an SQL-compliant interface
- XML parser
- XPath evaluators
- A SAX (Simple API for XML) or a DOM (Document Object Model) parser
- Lightweight Directory Access Protocol (LDAP) directory service
- Script engines

Many rules address sanitization of untrusted input, especially when such input is passed to a component that can interpret commands or instructions.
When data must be sent to a component in a different trusted domain, the sender must ensure that the data is suitable for the receiver's trust boundary by properly encoding and escaping any data flowing across the trust boundary. For example, if a system is infiltrated by malicious code or data, many attacks are rendered ineffective if the system's output is appropriately escaped and encoded.
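The following is an added example, not code from the CERT guideline page. It shows what "encoding and escaping for the receiver's trust boundary" means in practice for three of the receivers listed above: each sink has its own metacharacters, so the data is escaped once, at the boundary, in the grammar of that specific receiver. The XML escaping follows the five predefined XML entities, the LDAP escaping follows RFC 4515 section 3, and for the OS command interpreter the safest encoding is to avoid a shell entirely and pass each argument as a separate `ProcessBuilder` element. The sample input, the program name `ls`, and the assumption that the target program honours `--` as an end-of-options marker are all constructed for this example.

```java
import java.util.List;

/**
 * Added example (not from the CERT guideline): escape data once, at the
 * point where it crosses a trust boundary, using the grammar of the
 * receiving component. A single generic "sanitize" routine cannot serve
 * XML, LDAP and an OS command interpreter at the same time.
 */
public final class TrustBoundaryEncoding {

    /** Escape text for inclusion as XML character data or an attribute value. */
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Escape an LDAP search-filter assertion value as required by RFC 4515 section 3. */
    static String escapeLdapFilterValue(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * For the OS command interpreter, do not build a command string at all:
     * the program and each argument are separate argv elements, so no shell
     * ever parses the untrusted value. The "--" marker is an assumption about
     * the invoked program (most POSIX tools, including ls, treat it as
     * end-of-options).
     */
    static List<String> buildCommand(String program, String untrustedArg) {
        return List.of(program, "--", untrustedArg);
    }

    public static void main(String[] args) {
        // Constructed sample input containing metacharacters relevant to each sink.
        String untrusted = "O'Brien & Co <ltd> (*)";

        System.out.println("XML : " + escapeXml(untrusted));
        System.out.println("LDAP: (cn=" + escapeLdapFilterValue(untrusted) + ")");

        // Assumed program name; the point is the argv list, not the tool.
        ProcessBuilder pb = new ProcessBuilder(buildCommand("ls", untrusted));
        System.out.println("exec: " + pb.command());
    }
}
```

The same principle applies to the SQL-compliant repository in the list above: there the boundary encoding is a parameterized query (`PreparedStatement` with bound parameters), not string escaping, because the driver then transmits the value separately from the statement text. A useful check when reviewing code is to find every call into one of the listed components and confirm that the escaping applied immediately before the call matches that component's grammar rather than a different one.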