Re: Preventing Cross Site Scripting Vulnerbilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: php-general@xxxxxxxxxxxxx
Subject: Re: Preventing Cross Site Scripting Vulnerbilities
From: Roman Ivanov <gamblergluck@xxxxxxxxx>
Date: Wed, 07 Dec 2005 18:21:16 -0500
In-reply-to: <20051207141349.3ae9f1bf.mba2000@xxxxxxxxxx>
List-help: <mailto:php-general-help@lists.php.net>
List-post: <mailto:php-general@lists.php.net>
List-unsubscribe: <mailto:php-general-unsubscribe@lists.php.net>
References: <20051207141349.3ae9f1bf.mba2000@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.7 (X11/20050923)

Michael B Allen wrote:

Can someone recommend a general method for avoiding / eliminating XSS
vulnerbilities with PHP?


IMO, the best way to avoid XSS is to filter _output_.

My script:
http://nengine.korsengineering.com/files/src/misc/HtmlFilter.phps

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Follow-Ups:
- Re: Re: Preventing Cross Site Scripting Vulnerbilities
  - From: Marco Kaiser

References:
- Preventing Cross Site Scripting Vulnerbilities
  - From: Michael B Allen

Prev by Date: Re: Non-trivial task of converting text to HTML
Next by Date: Re: Non-trivial task of converting text to HTML
Previous by thread: Re: Preventing Cross Site Scripting Vulnerbilities
Next by thread: Re: Re: Preventing Cross Site Scripting Vulnerbilities
Index(es):
- Date
- Thread

[Index of Archives] [PHP Home] [Apache Users] [PHP on Windows] [Kernel Newbies] [PHP Install] [PHP Classes] [Pear] [Postgresql] [Postgresql PHP] [PHP on Windows] [PHP Database Programming] [PHP SOAP]

Powered by Linux