Using locale-sensitive methods on data that should be interpreted in a locale-independent fashion can produce unexpected results. Locale-independent data includes programming language identifiers, protocol keys, and HTML tags. It may even be possible to bypass input filters by supplying locale-specific data. For example, when a string is converted to uppercase, it may be declared valid; however, changing the string back to lowercase during subsequent execution may result in a black-listed string.
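The following is an added example, not code from the original guideline. It shows a tag filter whose result depends on the locale used for case conversion, next to a locale-independent version. The class name, method names, and sample input are assumptions made for illustration.

```java
import java.util.Locale;

public class LocaleSafeTagCheck {
    // Constructed sample input: an upper-case HTML tag name.
    static final String INPUT = "SCRIPT";

    // Locale-sensitive check. String.toLowerCase() with no argument behaves
    // like this with Locale.getDefault(), so the outcome depends on how the
    // host or the JVM is configured.
    static boolean isScriptTagLocaleSensitive(String tag, Locale locale) {
        return tag.toLowerCase(locale).equals("script");
    }

    // Locale-independent check: Locale.ROOT applies the same case mapping
    // on every host, which is what protocol keys and HTML tags require.
    static boolean isScriptTag(String tag) {
        return tag.toLowerCase(Locale.ROOT).equals("script");
    }

    // Alternative for pure equality tests: equalsIgnoreCase compares
    // character by character and does not consult any locale.
    static boolean isScriptTagIgnoreCase(String tag) {
        return "script".equalsIgnoreCase(tag);
    }

    public static void main(String[] args) {
        Locale english = Locale.ENGLISH;
        Locale turkish = Locale.forLanguageTag("tr-TR");

        // Under Turkish case rules, 'I' (U+0049) lower-cases to the dotless
        // 'ı' (U+0131), so the lower-cased input is no longer "script".
        System.out.println("en    : "
                + isScriptTagLocaleSensitive(INPUT, english));
        System.out.println("tr-TR : "
                + isScriptTagLocaleSensitive(INPUT, turkish));

        // The locale-independent checks give the same answer on any host.
        System.out.println("ROOT  : " + isScriptTag(INPUT));
        System.out.println("ignore: " + isScriptTagIgnoreCase(INPUT));
    }
}
```

Passing the locale as a parameter keeps the demonstration from changing the JVM-wide default; in production code the risk comes from the no-argument `toLowerCase()` and `toUpperCase()` overloads.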
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS16-J | medium | probable | medium | P8 | L2 |
Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...