brian_d_foy mentions in Mastering Perl that your suggestion fits the Prussian Stance, whereas the OP's method represents the American Stance. Apparently those terms originated in a talk by Mark Jason Dominus, though I can't seem to find the original talk anywhere online. It may be mentioned in HOP somewhere as well, but I can't recall where to find it.

In short:

The disadvantage (as I see it) to blocklisting is that we must know all possible "bad" characters, whereas with the allowlist, we must only know those good characters we care about. The penalty for omitting an item from a block list is possible security breech. The penalty for omitting an item from a allowlist is potential user frustration, but not a security breech.

The disadvantage (as I see it) to allowlisting is that, particularly in an era of Unicode, the list of acceptable characters either becomes enormous (in which case the potential for accidentally allowing something we shouldn't increases), or becomes limiting in ways that may impede a pleasant user experience.


Dave

In reply to Re^2: Is that a decent concept? by davido
in thread Is that a decent concept? by heatblazer

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.