HTML Purifier, How-to create a hook for the library?
#1

[eluser]Michael;[/eluser]
I currently run the xss_clean() function globally on all my CI apps, *just* in case ... I was looking over HTML Purifier after reading a couple of articles on the issue of XSS security.

I did a search on the forums and came back with this thread:

http://ellislab.com/forums/viewthread/80680/#405862

But there is nothing in the wiki.

I also did a Google search and came across a few different links that show how to use HTML Purifier as a library in CI:

http://mindloop.be/htmlpurifier-and-the-codeigniter-framework/

http://webcloud.se/article/Filtering_you...MLPurifier

http://www.jimohalloran.com/2007/10/24/b.../#more-716

With all this information, adding HTML Purifier as a library is relatively simple; but I would like to see if it's possible to use HTML Purifier as a replacement for XSS_Clean. Unfortunately, I have no idea how to create hooks for CI. Anyone wanna help me out with a walkthrough maybe?

Thanks.
#2

[eluser]Michael;[/eluser]
I'm not sure why, but until the last few minutes I had never sat down and actually read through the code in the input library ...

At this point in time I think that xss_clean() is just as secure as HTML Purifier is at the moment. I'm going to set up a test page and run through the XSS Cheat Sheet and see if anything pops. Barring that, I think that by running xss_clean() globally I am in pretty good shape.

I'm not sure who wrote the input library, or the xss_clean() functions in particular, but I for one would just like to say I appreciate your work. :)

Michael



