 
                            ...
Characters and Sequences to Exclude from Whitelists
| Character | Name |
|---|---|
| `'` and `"` | Single and double quote |
| `/` and `\` | Forward slash and backslash |
| | Double slashes* |
| space | Space character at beginning or end of string |
| `#` | Hash character at the beginning of the string |
| `<` and `>` | Angle brackets |
| `,` and `;` | Comma and semicolon |
| `+` and `*` | Addition and multiplication operators |
| `(` and `)` | Round braces |
| | Unicode |
* This is a character sequence.
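
The following is an added example, not code from the original page: a Java allowlist check applied to a value before it is placed in an LDAP search filter. The class name, the permitted character set, the length limit and the sample inputs are assumptions chosen for illustration. The pattern admits none of the characters named in the table above.

```java
import java.util.regex.Pattern;

public class LdapFilterAllowlist {
    // Assumed policy: ASCII letters, digits, '.', '_' and '-', with single
    // interior spaces. Quotes, slashes, '#', angle brackets, ',', ';', '+',
    // '*', round braces and all non-ASCII characters fall outside this set.
    private static final Pattern ALLOWED =
        Pattern.compile("[A-Za-z0-9._-]+(?: [A-Za-z0-9._-]+)*");
    private static final int MAX_LEN = 64; // assumed upper bound

    // matches() must consume the entire string, so a leading or trailing
    // space (or a trailing newline) cannot pass the check.
    static boolean isAllowed(String value) {
        return value != null
            && value.length() <= MAX_LEN
            && ALLOWED.matcher(value).matches();
    }

    // The attribute name is a constant supplied by the program; only the
    // validated value comes from untrusted input.
    static String buildFilter(String attribute, String value) {
        if (!isAllowed(value)) {
            throw new IllegalArgumentException("value rejected by LDAP allowlist");
        }
        return "(" + attribute + "=" + value + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "jsmith", "John Smith", " jsmith", "jsmith ", "#admin",
            "*", "a)(uid=*", "S,o=x", "a\\\\b", "<b>", "j\u00f6rg"
        };
        for (String s : samples) {
            System.out.printf("%-12s %s%n", "[" + s + "]",
                isAllowed(s) ? "accept" : "reject");
        }
        System.out.println(buildFilter("sn", "John Smith"));
    }
}
```

Only the first two samples are accepted. Legitimate values that need a character outside the set are rejected as well, so the permitted set should be sized to the data the directory actually holds.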
...
Failure to sanitize untrusted input can result in information disclosure and privilege escalation.
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| The Checker Framework | | Tainting Checker | Trust and security errors (see Chapter 8) |
| Parasoft Jtest | | CERT.IDS54.TDLDAP | Protect against LDAP injection |
| SonarQube | | S2078 | |