On 21/04/07, Chris Shiflett <[EMAIL PROTECTED]> wrote:
Dotan Cohen wrote:
> > I recommend you dig deeper into that xss page you might even
> > find a script that filters xss.
>
> Obviously I keep missing it.
You might find these examples useful:
http://phpsecurity.org/code/ch01-3
http://phpsecurity.org/code/ch01-4
Hope that helps.
Chris
Thanks, Chris. I think that I see your book in my future!
One note, I remove semicolons from the user input to thrart SQL
injection as they can be used to terminate an SQL query and are very
uncommon in regular speech. However, htmlspecialchars() and
htmlentities add semicolons when converting. Is this dangerous, ie,
can this be exploited?
Dotan Cohen
http://what-is-what.com/what_is/sitepoint.html
http://lyricslist.com/lyrics/artist_albums/466/sugar_ray.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
