xss_clean on images

xss_clean on images

El Forum
Unregistered

05-17-2008, 08:28 PM

[eluser]Pascal Kriete[/eluser]
It's an iffy decision to make. On one hand developers should know that allowing people to post images can be harmful. On the other hand some browsers (cough opera cough) allow all kinds of nonsense in image tags.

This same line has been in EE for a while, although the rest of the class is less restrictive. Is it just that one line that's causing problems?

I do have to agree that with that many false positives it's not a great solution.

Messages In This Thread

xss_clean on images - by El Forum - 05-17-2008, 07:58 PM

xss_clean on images - by El Forum - 05-17-2008, 08:28 PM

xss_clean on images - by El Forum - 05-17-2008, 08:53 PM

xss_clean on images - by El Forum - 05-18-2008, 06:13 AM

xss_clean on images - by El Forum - 05-18-2008, 06:38 AM

xss_clean on images - by El Forum - 05-18-2008, 08:20 AM

xss_clean on images - by El Forum - 05-18-2008, 08:32 AM

xss_clean on images - by El Forum - 05-18-2008, 10:11 AM

xss_clean on images - by El Forum - 05-18-2008, 12:43 PM

xss_clean on images - by El Forum - 05-21-2008, 01:39 PM

xss_clean on images - by El Forum - 05-22-2008, 01:07 AM