On 21/04/07, Chris Shiflett <shiflett@xxxxxxx> wrote:
Dotan Cohen wrote: > > I recommend you dig deeper into that xss page you might even > > find a script that filters xss. > > Obviously I keep missing it. You might find these examples useful: http://phpsecurity.org/code/ch01-3 http://phpsecurity.org/code/ch01-4 Hope that helps. Chris
Thanks, Chris. I think that I see your book in my future! One note, I remove semicolons from the user input to thrart SQL injection as they can be used to terminate an SQL query and are very uncommon in regular speech. However, htmlspecialchars() and htmlentities add semicolons when converting. Is this dangerous, ie, can this be exploited? Dotan Cohen http://what-is-what.com/what_is/sitepoint.html http://lyricslist.com/lyrics/artist_albums/466/sugar_ray.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
