xss_clean on images
#1

Seppo
I was checking out the new xss_clean on images feature... and it just doesn't work as expected... out of 16 JPG images I had on my computer, only 4 passed this test, most of them have a "<?" inside... also lines 754-755 (at revision 1171) say

Code:
* Adobe Photoshop puts XML metadata into JFIF images, including namespacing,
* so we have to allow this for images. -Paul

but it's not useless to allow xmlns if you are not allowing XML (forbidding the use of "<?") so no Photoshop / JFIF image is accepted, anyway (I tried creating a couple of JFIF with Photoshop and all had "<?")...
I understand the risks of allowing uploads without XSS clean up, but this functionality, as is, seems to be too restrictive, up to a level that no site can really use it...

Any thoughts?
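
Added example, not part of the original post and not CodeIgniter's code: a Python sketch that walks the header segments of a constructed JPEG and shows that every `<?` lies inside the XMP packet wrapper (`<?xpacket ...?>`) stored in the APP1 segment, which is why a raw byte scan refuses such files. The sample bytes, the function names and the `raw_scan_rejects` stand-in are assumptions made for illustration.

```python
import struct

XMP_ID = b"http://ns.adobe.com/xap/1.0/\x00"  # standard XMP identifier in APP1

def _seg(marker, payload):
    # marker byte pair + big-endian length (length counts itself, not the marker)
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_sample_jpeg():
    """Constructed sample (structurally valid headers, not a decodable picture)."""
    jfif = _seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
    xmp = _seg(0xE1, XMP_ID + b'<?xpacket begin="" id="constructed"?>'
                     b'<x:xmpmeta xmlns:x="adobe:ns:meta/"/><?xpacket end="w"?>')
    sos = _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    return b"\xff\xd8" + jfif + xmp + sos + b"\x12\x34\xff\xd9"

def raw_scan_rejects(data):
    """Assumed stand-in for a byte-level check that refuses any '<?'."""
    return b"<?" in data

def segments(data):
    """Yield (marker, start, end) for each header segment through SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        if marker == 0xDA:  # start of scan: compressed image data follows
            return
        pos = end

def locate_open_tags(data):
    """Return [(offset, location)] for every '<?' found in the file."""
    spans = []
    for marker, start, end in segments(data):
        is_xmp = marker == 0xE1 and data[start + 4:end].startswith(XMP_ID)
        spans.append((start, end, "XMP metadata" if is_xmp else f"segment FF{marker:02X}"))
    hits, i = [], data.find(b"<?")
    while i != -1:
        where = next((k for s, e, k in spans if s <= i < e), "image data or trailer")
        hits.append((i, where))
        i = data.find(b"<?", i + 1)
    return hits
```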




