[Cialug] XSS input filtering

Barry Von Ahsen barry at vonahsen.com
Wed Nov 7 07:53:07 CST 2012


I have not. It looks simple, but it also looks like it has a few issues, but what doesn't?

there is also the OWASP ESAPI project - https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API - more complicated, but I'd wager more comprehensive too

mod_security can also help with reflected XSS, but not so much with persistent XSS (last I checked)


I'm guessing both give what you're willing to put into them, but this area is hard - sometimes you want HTML inputs (tinymce/fckeditor areas, punycode, etc.), just not all of it. Then you're into writing your own regexes (or using the dodgy-looking user-contributed functions on the strip_tags PHP page).

bring on the 'PHP is teh sux' chorus…


-barry



On Nov 7, 2012, at 6:35 AM, Dave Hala Jr wrote:

> Anyone had any success using the php strip_tags function for input
> filtering?  It looks like a simple solution for filtering input and
> output and avoiding XSS issues.
> 
> 
> :) Dave
> 
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
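Added example for the strip_tags question above (my own code, not from the list, from PHP's documentation or from ESAPI/mod_security): it shows the specific gap the PHP manual itself warns about, that attributes on tags you allow through strip_tags() are left untouched, and puts two alternatives beside it: plain output encoding with htmlspecialchars() for the common case where user text is just displayed, and a parser-based tag-and-attribute allowlist for editor-style fields where some markup has to survive. The function names filter_with_strip_tags(), as_text() and sanitize_html() are my own, the sample inputs are constructed test strings, and the script assumes PHP with the dom extension loaded.

```php
<?php
// Added example for this thread (not code from the list or from PHP's docs):
// why strip_tags() alone does not stop XSS, contrasted with output encoding and
// a parser-based tag/attribute allowlist. Function names are my own; the
// inputs at the bottom are constructed test strings.

declare(strict_types=1);

// 1) strip_tags() removes tags, but the text inside them survives and, as the
//    PHP manual warns, attributes on *allowed* tags are left untouched. An
//    event handler or javascript: URL on an allowed tag passes straight through.
function filter_with_strip_tags(string $untrusted): string
{
    return strip_tags($untrusted, '<b><i><a>');
}

// 2) Output encoding: the right default when user text is rendered as text in
//    an HTML body or a quoted attribute. Nothing is "filtered"; the browser
//    simply never sees a tag.
function as_text(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 3) When some markup must be kept (editor fields), allowlist both tags and
//    attributes with a real HTML parser instead of regexes.
function sanitize_html(string $untrusted): string
{
    $allowed = [            // tag => permitted attributes
        'b' => [], 'i' => [], 'p' => [], 'br' => [],
        'a' => ['href'],
    ];

    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // broken markup is expected
    $doc->loadHTML('<?xml encoding="UTF-8"?><div>' . $untrusted . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Our wrapper is the first <div> in document order. A stray </div> in the
    // input only truncates the fragment; it cannot escape the sanitizer.
    $root = $doc->getElementsByTagName('div')->item(0);

    // Snapshot the live node list first: we detach nodes while walking it.
    foreach (iterator_to_array($root->getElementsByTagName('*'), false) as $el) {
        $tag = strtolower($el->tagName);
        if (!isset($allowed[$tag])) {
            if ($tag === 'script' || $tag === 'style') {
                $el->parentNode->removeChild($el);     // drop the content too
                continue;
            }
            // Unknown tag: keep its children, drop the tag itself.
            while ($el->firstChild !== null) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, $allowed[$tag], true)) {
                $el->removeAttribute($attr->name);     // on*, style, ...
            } elseif ($name === 'href'
                      && !preg_match('~^(?:https?://|mailto:|/|#)~i', trim($attr->value))) {
                $el->removeAttribute('href');          // javascript:, data:, vbscript:
            }
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed inputs: a script block, an allowed tag carrying an event
// handler, an allowed tag carrying a javascript: URL, and an attribute payload.
$samples = [
    '<script>alert(1)</script>',
    '<b onmouseover="alert(1)">hover me</b>',
    '<a href="javascript:alert(1)">click</a>',
    '<img src=x onerror=alert(1)>',
];

foreach ($samples as $s) {
    printf("input:      %s\nstrip_tags: %s\nas_text:    %s\nsanitized:  %s\n\n",
        $s, filter_with_strip_tags($s), as_text($s), sanitize_html($s));
}
```

Run it with `php strip_tags_demo.php` (any filename). Compare the second and third samples across the three columns: strip_tags() hands back the onmouseover handler and the javascript: href intact because <b> and <a> were allowed, as_text() turns the whole thing into inert text, and sanitize_html() keeps the tag but drops the attribute. The sanitizer's href check is an allowlist of URL prefixes rather than a denylist of "javascript:", which is what keeps the usual whitespace and case-variation tricks from getting through; a production deployment would reach for a maintained library rather than this 40-line version, but the shape is the same.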


