01-02-2009, 03:13 PM
[eluser]Michael;[/eluser]
I'm not sure why, but until the last few minutes I had never sat down and actually read through the code in the input library ...
At this point in time I think that xss_clean() is just as secure as HTML Purifier is at the moment. I'm going to set up a test page and run through the XSS Cheat Sheet and see if anything pops. Barring that, I think that by running xss_clean() globally I am in pretty good shape.
I'm not sure who wrote the input library, or the xss_clean() functions in particular, but I for one would just like to say I appreciate your work.
Michael