On 11/26/2016 06:26 PM, Nathan Ernst wrote: > Sure, what if the input used a double quote instead of single, cursory > glance looks like it might vulnerable. Either a single quote or a double quote would not pass the sanitizer. Or am I misunderstanding you?