On Wed, 07 Dec 2005 14:33:07 -0500
Chris Shiflett <[EMAIL PROTECTED]> wrote:
> Michael B Allen wrote:
> > Can someone recommend a general method for avoiding / eliminating XSS
> > vulnerabilities with PHP?
>
> Yeah, escape output. It's really that simple.
Well after looking at this for a while I
> -Original Message-
> From: Jason Gerfen [mailto:[EMAIL PROTECTED]
> Sent: 07 December 2005 19:34
> To: comex
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] Preventing Cross Site Scripting Vulnerbilities
> function chk_input( $string ) {
> if( eregi(
Ray Hauge wrote:
There's been a lot of great articles in the PHP|Architect magazine
over the past 3 months or so about this (http://www.phparch.com).
You do have to purchase back-issues though.
Past editions of Security Corner are eventually available for free from
my web site:
http://shiflet
There's been a lot of great articles in the PHP|Architect magazine over
the past 3 months or so about this (http://www.phparch.com). You do have
to purchase back-issues though. Very good articles though. They cover
how to make functions to filter what variables should be sent in, and
how to m
comex wrote:
Similarly is there a library function for escaping database content for
inclusion in HTML pages?
http://php.net/htmlspecialchars
http://php.net/htmlentities
Or roll your own and replace the eregi regex with data that is valid to
your application:
function chk_input( $st
Michael B Allen wrote:
Can someone recommend a general method for avoiding / eliminating XSS
vulnerabilities with PHP?
Yeah, escape output. It's really that simple.
Curt Zirzow made a nice post related to this topic yesterday, and
here's a simple example:
http://phpsecurity.org/code/ch01-4
> Similarly is there a library function for escaping database content for
> inclusion in HTML pages?
http://php.net/htmlspecialchars
http://php.net/htmlentities
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php