On Wed, 07 Dec 2005 14:33:07 -0500 Chris Shiflett <shiflett@xxxxxxx> wrote: > Michael B Allen wrote: > > Can someone recommend a general method for avoiding / eliminating XSS > > vulnerbilities with PHP? > > Yeah, escape output. It's really that simple. Well after looking at this for a while I agree that makes the most sense. It's a little unnerving to let scripts find their way into the database but with in combination with strong validation that can be minimized and in many cases eliminated. Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
