Re: [PHP] Re: Preventing Cross Site Scripting Vulnerbilities

Hi, IMO, the best way to avoid XSS is to filter _output_. > > My script: > http://nengine.korsengineering.com/files/src/misc/HtmlFilter.phps > uhm, 1st. filter input 2nd escape output -- Marco Kaiser

[PHP] Re: Preventing Cross Site Scripting Vulnerbilities

Michael B Allen wrote: Can someone recommend a general method for avoiding / eliminating XSS vulnerbilities with PHP? IMO, the best way to avoid XSS is to filter _output_. My script: http://nengine.korsengineering.com/files/src/misc/HtmlFilter.phps -- PHP General Mailing List (http://www.php.