• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
xss_clean dosen't work propertly

#21
[eluser]Unknown[/eluser]
[quote author="Ambush Commander" date="1183064613"]Or, take the alternative, and use HTML Purifier. :-) HTML Purifier is kind of big though... you'd be basically doubling your framework size if you package it in, so I don't recommend that. It is, however, a library, not a framework, so it plays well with other libraries/frameworks. Perhaps it could be a "recommended" XSS solution?[/quote]

I agree it's way too big for cleaning all input, but from what I know HTML Purifier is the only filter that is really hard to bypass (if it's possible at all). xss_clean(), as any regexp-based blacklist filter, has little chance to be 100% XSS-safe. My vote is always for HTML Purifier Smile
Best regards,
Łukasz Pilorz


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.