Re: Re: Preventing Cross Site Scripting Vulnerbilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Roman Ivanov <gamblergluck@xxxxxxxxx>
Subject: Re: Re: Preventing Cross Site Scripting Vulnerbilities
From: Marco Kaiser <marco.kaiser@xxxxxxxxx>
Date: Thu, 8 Dec 2005 14:52:00 +0100
Cc: php-general@xxxxxxxxxxxxx
In-reply-to: <14.0D.14828.31F67934@xxxxxxxxxxxx>
List-help: <mailto:php-general-help@lists.php.net>
List-post: <mailto:php-general@lists.php.net>
List-unsubscribe: <mailto:php-general-unsubscribe@lists.php.net>
References: <20051207141349.3ae9f1bf.mba2000@xxxxxxxxxx> <14.0D.14828.31F67934@xxxxxxxxxxxx>

Hi,


IMO, the best way to avoid XSS is to filter _output_.
>
> My script:
> http://nengine.korsengineering.com/files/src/misc/HtmlFilter.phps
>

uhm,

1st. filter input
2nd escape output


--
Marco Kaiser

References:
- Preventing Cross Site Scripting Vulnerbilities
  - From: Michael B Allen
- Re: Preventing Cross Site Scripting Vulnerbilities
  - From: Roman Ivanov

Prev by Date: Re: Call to undefined function mysql_real_escape_string()]
Next by Date: RE: Class Constant PHP 5
Previous by thread: Re: Preventing Cross Site Scripting Vulnerbilities
Next by thread: RE: Preventing Cross Site Scripting Vulnerbilities
Index(es):
- Date
- Thread

[Index of Archives] [PHP Home] [Apache Users] [PHP on Windows] [Kernel Newbies] [PHP Install] [PHP Classes] [Pear] [Postgresql] [Postgresql PHP] [PHP on Windows] [PHP Database Programming] [PHP SOAP]

Powered by Linux