On Sat, Jun 26, 2021 at 02:30:59PM +0700, Yuri Khan wrote:
> On Sat, 26 Jun 2021 at 13:56, Emanuel Berg via Users list for the GNU
> Emacs text editor wrote:
>
> > Relax, this notion that you shouldn't construct file paths by
> > string functions, nor SQL queries for that matter, and what
> > more? hyperlinks?
>
> Hyperlinks, too.

Mmm. Yummy hyperlinks. You just have to enter "URL parsing injection"
to enjoy a colourful bestiary. This is user-provided stuff which is
parsed server-side. Creativity!

Two nice links (of... thousands?)

https://s1gnalcha0s.github.io/node/2015/01/31/SSJS-webshell-injection.html
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf

I'm all for DIY, but in this case, it comes with one caveat. Know your
stuff. Read. Have good data models. Read. Test. Read.

Have fun
 - t