How do you safely do this?
HTTPS://site.com/data/ + protect(untrusted);
URL encoding is not the answer, it still allows path traversal. Base64 encoding is not the answer, the + and / characters, legal in base64, can skew a URL.
HTTPS://site.com/data/ + protect(untrusted);
URL encoding is not the answer, it still allows path traversal. Base64 encoding is not the answer, the + and / characters, legal in base64, can skew a URL.