Multiple xss_clean Bypass
[eluser]Unknown[/eluser]
I started to look into CodeIgniter security, specifically the xss_clean function. Unfortunately this is a great example of the wrong way to do it. xss_clean relies on a blacklist and filter approach, which will never work. I was able to bypass this in 3 unique ways in just a few minutes of testing (will not post them for obvious reasons). I will e-mail them to a member of the development team, but I wanted to post to have this function considered for removal, or replaced with something more hardened that depends on a whitelist, like HtmlPurifier.
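The whitelist approach the post argues for, shown as an added illustration (this is neither CodeIgniter's xss_clean nor HtmlPurifier's code): instead of searching input for known-bad patterns, the sanitizer parses the HTML and keeps only tags, attributes and URL schemes that appear in an explicit allowlist, escaping every other tag as literal text. The allowlists and the sample inputs below are constructed for the example.

```python
"""Minimal allowlist-based HTML sanitizer (added example, not CodeIgniter's
xss_clean and not HtmlPurifier). Anything not explicitly permitted is
escaped or dropped, so new bypass patterns do not need to be enumerated."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: tag -> attributes permitted on that tag.
ALLOWED_TAGS = {
    "b": set(), "i": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(),
    "a": {"href", "title"},
}
VOID_TAGS = {"br"}
# href may only carry these schemes; "" covers relative URLs.
ALLOWED_SCHEMES = {"http", "https", "mailto", ""}


def safe_url(value):
    """Return the URL unchanged if its scheme is allowlisted, else None."""
    try:
        scheme = urlsplit(value.strip()).scheme.lower()
    except ValueError:
        return None
    return value if scheme in ALLOWED_SCHEMES else None


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []  # allowed tags we emitted, so we can close them in order

    def _emit_tag(self, tag, attrs, self_closing):
        if tag not in ALLOWED_TAGS:
            # Unknown tag: render its raw text as escaped content, not markup.
            self.out.append(escape(self.get_starttag_text()))
            return
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # event handlers, style, etc. are simply dropped
            if name == "href":
                value = safe_url(value)
                if value is None:
                    continue  # non-allowlisted scheme: drop the attribute
            parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS and not self_closing:
            self.stack.append(tag)

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in self.stack:
            # Close everything opened after it so output stays well formed.
            while self.stack:
                t = self.stack.pop()
                self.out.append("</%s>" % t)
                if t == tag:
                    break
        else:
            self.out.append(escape("</%s>" % tag))

    def handle_data(self, data):
        self.out.append(escape(data))  # text (including script bodies) is escaped

    def handle_comment(self, data):
        pass  # comments carry no content for the reader; drop them

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass

    def unknown_decl(self, data):
        pass

    def result(self):
        self.close()
        while self.stack:  # close tags the input left open
            self.out.append("</%s>" % self.stack.pop())
        return "".join(self.out)


def sanitize(html):
    """Return html reduced to the allowlisted subset, everything else escaped."""
    p = AllowlistSanitizer()
    p.feed(html)
    return p.result()


if __name__ == "__main__":
    # Constructed sample input
    print(sanitize('<p>Hello <b>world</b><script>x</script></p>'))
    print(sanitize('<a href="http://example.com" onclick="x">link</a>'))
```

The design point is the inversion of the decision: a blacklist must anticipate every encoding and tag variant an attacker might use, whereas here a tag or attribute the author never listed is escaped by default, and a URL with an unlisted scheme loses its href. A production library such as HtmlPurifier also normalises the document and enforces nesting rules; this example only shows the allowlist principle.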