Welcome Guest, Not a member yet? Register   Sign In
XSS replaces in the documentation
#2

(This post was last modified: 02-10-2018, 02:03 PM by Elias.)

And as it seems to me, I found a bug in xss_clean() function/method:
xss_clean() translates

Code:
<video poster="http://vseprosto.top/wp-content/uploads/2016/10/CodeIgniter-Development.jpg" controls><source src="/mov_bbb.ogg"></video>

to

Code:
&lt;video poster="http://vseprosto.top/wp-content/uploads/2016/10/CodeIgniter-Development.jpg" controls&gt;<source src="/mov_bbb.ogg">&lt;/video&gt;

Also works for <audio> tag.
Reply


Messages In This Thread
XSS replaces in the documentation - by Elias - 02-02-2018, 11:57 AM
RE: XSS replaces in the documentation - by Elias - 02-10-2018, 12:46 PM
RE: XSS replaces in the documentation - by falko - 02-10-2018, 11:23 PM
RE: XSS replaces in the documentation - by PaulD - 02-11-2018, 04:08 AM
RE: XSS replaces in the documentation - by Elias - 02-11-2018, 09:57 AM
RE: XSS replaces in the documentation - by PaulD - 02-11-2018, 11:15 AM
RE: XSS replaces in the documentation - by Narf - 02-12-2018, 06:24 AM
RE: XSS replaces in the documentation - by Elias - 02-12-2018, 07:21 AM
RE: XSS replaces in the documentation - by Narf - 02-14-2018, 11:28 AM
RE: XSS replaces in the documentation - by Elias - 02-15-2018, 08:01 AM
RE: XSS replaces in the documentation - by Narf - 02-22-2018, 01:31 AM



Theme © iAndrew 2016 - Forum software by © MyBB