Are you sure about handling SECURITY?!
#7

Hi again,

HTML Purifier: (The apple)
Quote: HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
http://htmlpurifier.org/

XSS_clean: (The pear)
Quote: CodeIgniter comes with a Cross Site Scripting prevention filter, which looks for commonly used techniques to trigger JavaScript or other types of code that attempt to hijack cookies or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.
http://www.codeigniter.com/user_guide/li...-filtering

Using HTML Purifier when you are not cleaning HTML input is like using a laser precision micro digital measuring device to find out if you need a haircut :-)

HTML Purifier does some very clever stuff, but in so doing it is a resource heavy and relatively time consuming operation. I do not think anyone would propose using it on a name field for a form.

Hope that helps,

Paul.
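An added example (not from Paul's post) of the division of labour he describes: a plain-text field is simply escaped for the HTML context on output, while a rich-text field goes through HTML Purifier with an explicit whitelist. It assumes HTML Purifier is installed via Composer and that the field names and sample values are constructed for illustration.

```php
<?php
// Added example, not from the original thread. Assumes HTML Purifier is
// available through Composer's autoloader; $name and $bio are constructed
// sample values standing in for a plain-text "name" field and a rich-text
// "bio" field.
require_once 'vendor/autoload.php';

// Plain-text field: no HTML is expected, so there is nothing to "purify".
// Escaping for the HTML output context is cheap and sufficient here.
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Rich-text field: users are allowed a small tag set, so a whitelist
// sanitiser is the right tool. HTML.Allowed lists the only elements and
// attributes that survive; URI.AllowedSchemes keeps links to http(s).
// The purifier is built once because its setup is the expensive part.
function renderBio(string $bio): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.Allowed', 'p,b,i,a[href],ul,li');
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($bio);
}

// Constructed sample input: a name that should never contain markup, and a
// bio that mixes allowed tags with an event handler and a script: URL.
$name = 'Paul <script>alert(1)</script>';
$bio  = '<p onclick="x()">Hi <b>there</b> <a href="javascript:y()">link</a></p>';

echo renderName($name), "\n";
echo renderBio($bio), "\n";
```

The name field comes back as inert entities; the bio keeps its paragraph, bold text and anchor while the event handler and the non-http(s) link target are dropped.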


RE: Are you sure about handling SECURITY?! - by PaulD - 07-17-2016, 04:00 PM