[pLog-svn] XSS remover

Oscar Renalias oscar at renalias.net
Thu Jan 10 06:21:03 EST 2008


Sounds like an option... I still like the method of HTMLPurifier; it's
just that I'd like to see its memory consumption statistics before we rule
it out.

Oscar

On Jan 10, 2008 9:51 AM, Mark Wu <mark.wu at markplace.net> wrote:
>
>
> More information here:
>
> http://blog.liip.ch/archive/2005/01/16/xss-how-we-try-to-prevent-it.html
>
> Mark
>
>
>  ________________________________
>  From: Mark Wu [mailto:mark.wu at markplace.net]
> Sent: Thursday, January 10, 2008 3:51 PM
> To: 'LifeType Developer List'
> Subject: XSS remover
>
>
>
>
> Instead of using a big HTML parser like HTMLPurifier, I think we can use
> a small library like this one:
>
> http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
>
> to remove the XSS attack. It is better than just removing <script>xxx</script>
> only ...
>
> So, we have another alternative solution ~
>
> Mark

