Security Issues (input and output)
(04-29-2016, 07:18 AM) CINewb Wrote: Just a quick one, could anyone explain why we should use xss_clean()?

Please refer to this link; you will see why htmlspecialchars and htmlentities are not foolproof: http://php.net/manual/en/function.htmlen....php#99896

The basic idea is that they will still allow some scripts through, like javascript:alert(document.cookie). xss_clean() handles this by replacing "javascript:" with "[removed]", "document.cookie" with "[removed]", and many more bad words like these; you can see this in system\core\Security.php. Of course, nothing is a full solution in the security field, but it is one of the best tools available.
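The point raised in the reply above is that htmlspecialchars() is an escaping function, not a URL validator: a value that ends up in an href attribute is a different output context from HTML text, and escaping quotes and angle brackets does nothing about the URL scheme. The following is an added example, not code from the forum thread or from the CodeIgniter project, showing context-aware escaping next to an allow-list check on the scheme. The function names escape_html() and safe_href() and the sample inputs are assumptions constructed for this illustration.

```php
<?php
// Added example (not from the thread or from CodeIgniter's Security.php).
// Two separate concerns for output: (1) escaping for the HTML context the
// value lands in, and (2) restricting which URL schemes may appear in href.

declare(strict_types=1);

// Escape a value for use in HTML text or inside a quoted attribute value.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Return a value safe to place inside href="...": only http, https or
// scheme-less (relative) URLs pass; anything else is replaced by "#".
function safe_href(string $url): string
{
    $trimmed = trim($url);

    // Browsers ignore embedded control characters and whitespace when they
    // parse a scheme, so strip them before inspecting the scheme. The stripped
    // copy is used only for the check; the original text is what gets escaped.
    $forCheck = preg_replace('/[\x00-\x20]+/', '', $trimmed) ?? '';
    $scheme   = parse_url($forCheck, PHP_URL_SCHEME);

    if ($scheme !== null && $scheme !== false) {
        $allowed = ['http', 'https'];
        if (!in_array(strtolower($scheme), $allowed, true)) {
            return '#'; // denied scheme (javascript:, data:, vbscript:, ...)
        }
    }

    return escape_html($trimmed);
}

// Constructed sample inputs for the demonstration.
$samples = [
    'https://example.com/?q=<b>&x="y"',    // allowed scheme; special chars are escaped
    'javascript:alert(document.cookie)',    // the case discussed in the thread; blocked
    "java\tscript:alert(1)",                // same scheme with an embedded tab; still blocked
    '/relative/path?id=1',                  // no scheme; allowed
];

foreach ($samples as $input) {
    echo '<a href="' . safe_href($input) . '">' . escape_html($input) . '</a>', PHP_EOL;
}
```

Running this prints one anchor per sample; the two javascript: variants come out with href="#" while the https and relative inputs are kept with their special characters escaped. The design choice is an allow-list on the scheme rather than a denylist of bad words such as "javascript:" or "document.cookie": a denylist has to anticipate every encoding and spelling an attacker might use, whereas the allow-list only has to name the handful of schemes the application actually needs.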
Messages In This Thread
Security Issues (input and output) - by raghavgarg - 04-23-2016, 05:19 PM
RE: Security Issues (input and output) - by wishmaster - 04-25-2016, 12:32 PM
RE: Security Issues (input and output) - by mwhitney - 04-26-2016, 09:55 AM
RE: Security Issues (input and output) - by CINewb - 04-29-2016, 07:18 AM
RE: Security Issues (input and output) - by raghavgarg - 04-29-2016, 02:52 PM