<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16587" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=108495107-10012008><FONT face=&#26032;&#32048;&#26126;&#39636; 
color=#0000ff size=2>More information here:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=108495107-10012008><FONT face=&#26032;&#32048;&#26126;&#39636; 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=108495107-10012008><FONT face=&#26032;&#32048;&#26126;&#39636; 
color=#0000ff size=2><A 
href="http://blog.liip.ch/archive/2005/01/16/xss-how-we-try-to-prevent-it.html">http://blog.liip.ch/archive/2005/01/16/xss-how-we-try-to-prevent-it.html</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=108495107-10012008><FONT face=&#26032;&#32048;&#26126;&#39636; 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=108495107-10012008><FONT face=&#26032;&#32048;&#26126;&#39636; 
color=#0000ff size=2>Mark</FONT></SPAN></DIV><BR>
<BLOCKQUOTE dir=ltr 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader lang=zh-tw dir=ltr align=left>
  <HR tabIndex=-1>
  <FONT face=Tahoma size=2><B>From:</B> Mark Wu [mailto:mark.wu@markplace.net] 
  <BR><B>Sent:</B> Thursday, January 10, 2008 3:51 PM<BR><B>To:</B> 'LifeType 
  Developer List'<BR><B>Subject:</B> XSS remover<BR></FONT><BR></DIV>
  <DIV></DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN class=498514807-10012008>Instead of using 
  a big HTML parser like HTMLPurifier, I think we can use a small library 
  like this one:</SPAN></FONT></DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN 
  class=498514807-10012008></SPAN></FONT>&nbsp;</DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN class=498514807-10012008><A 
  href="http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php">http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php</A></SPAN></FONT></DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN 
  class=498514807-10012008></SPAN></FONT>&nbsp;</DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN class=498514807-10012008>to remove the XSS 
  attack. It is better than just removing &lt;script&gt;xxx&lt;/script&gt; only 
  ...</SPAN></FONT></DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN 
  class=498514807-10012008></SPAN></FONT>&nbsp;</DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN class=498514807-10012008>So, we have another 
  alternative solution ~</SPAN></FONT></DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN 
  class=498514807-10012008></SPAN></FONT>&nbsp;</DIV>
  <DIV><FONT face=&#26032;&#32048;&#26126;&#39636; size=2><SPAN 
  class=498514807-10012008>Mark</SPAN></FONT></DIV></BLOCKQUOTE></BODY></HTML>