XSS am I doing it wrong?
#3

stuckinphp
Hah yes you are right.

I've gone with an encode helper function that I call everywhere in views, and I'm using the XSS filter on input.

I've also set the content type header charset to utf-8.

And my "actually filter all XSS attacks" was more of a dig at the blacklist filter. XSS filtering of this kind will never be 100% but it can be a good start, hoping encoding will curb the rest.
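
The approach described in the post above (an encode helper called in views, with the response declared as UTF-8), sketched as an added example that is not part of the thread and not CodeIgniter's own code. The function name `encode`, its context names and the sample value are assumptions, and the flags used assume PHP 7.2 or later.

```php
<?php
// Added example: hypothetical view helper, not a CodeIgniter API.

/**
 * Encode untrusted data for the output context it is written into.
 * $context: 'html' (element text), 'attr' (quoted attribute value),
 *           'js'   (value inside a <script> block),
 *           'url'  (single query-string component).
 */
function encode($value, $context = 'html')
{
    $value = (string) $value;
    switch ($context) {
        case 'html':
        case 'attr':
            // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
            // invalid UTF-8 with U+FFFD instead of returning an empty string.
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'js':
            // Produces a quoted JS string literal. The HEX flags escape
            // <, >, &, ' and " so the value cannot end the script element.
            return json_encode(
                $value,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
                    | JSON_INVALID_UTF8_SUBSTITUTE
            );
        case 'url':
            return rawurlencode($value);
        default:
            throw new InvalidArgumentException("Unknown context: $context");
    }
}

// Declare the charset the encoder assumes, before any output is sent.
if (!headers_sent()) {
    header('Content-Type: text/html; charset=utf-8');
}

// Constructed sample value standing in for stored user input.
$name = 'O\'Reilly "<b>Bob</b>" & co';
?>
<p>Hello, <?php echo encode($name); ?></p>
<input type="text" name="name" value="<?php echo encode($name, 'attr'); ?>">
<a href="/search?q=<?php echo encode($name, 'url'); ?>">search</a>
<script>var userName = <?php echo encode($name, 'js'); ?>;</script>
```

The attribute case relies on the value being wrapped in quotes in the template; an unquoted attribute is not covered by this encoding.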

