Best way to prevent XSS +rep



Blinger1
12-04-2009, 09:14 AM
G'day everyone..

Quick question, what is the best way to prevent XSS?
Currently my code is:

```php
function clean($s){
    // SQL-escape first (mysql_escape_string is deprecated and ignores the connection charset)
    $s = mysql_escape_string($s);

    // remove unwanted tags and keywords, case-insensitively
    $search = array("script", "java", "<scr", "ipt>", "<>", ".location", "<!--", "<noscript", "</noscript>", "<param", "</param>", "<applet", "</applet>", "<meta", "<iframe", "</iframe>", "<form", "</form>");
    // replace with dots
    $replace = "...";
    // perform the replacement
    $s = str_ireplace($search, $replace, $s);

    // strip tags too! (listed tags are kept, together with any attributes they carry)
    $s = strip_tags($s, "<p><a><br><b><u><i>");

    // remove the backslashes added by mysql_escape_string, so the result is no longer SQL-escaped
    $s = stripslashes($s);
    return $s;
}
```

but I feel there is a much better way.. Thanks everyone :)

+rep btw!

Moved by ReviewDude (Forum Moderator) from 'Coding & Programming'.
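The blacklist above can be bypassed without ever writing "script" or "java": an event-handler attribute on an allowed tag survives strip_tags, which removes unlisted tags but leaves every attribute on a listed one, and an entity-encoded href such as `j&#97;v&#97;&#115;cript:` contains neither substring yet is decoded by the browser to `javascript:`. The usual fix is to store the raw string and encode it on output for the context it lands in, rather than "cleaning" it once at input. The following is an added example written for this thread, not code from the original post or from any library; the function names are my own and the payloads are constructed for the demonstration. It reproduces the filter beside htmlspecialchars for HTML contexts, json_encode for a JavaScript string context, and a scheme allow-list for user-supplied links.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names here are my own.

// The blacklist filter from the question, without its mysql_escape_string /
// stripslashes pair (those concern SQL, not HTML output).
function blacklist_clean(string $s): string
{
    $search = ["script", "java", "<scr", "ipt>", "<>", ".location", "<!--",
               "<noscript", "</noscript>", "<param", "</param>", "<applet",
               "</applet>", "<meta", "<iframe", "</iframe>", "<form", "</form>"];
    $s = str_ireplace($search, "...", $s);
    // strip_tags drops tags not on the list but keeps every attribute on a
    // listed tag, so onmouseover="..." on <b> or <a> goes straight through.
    return strip_tags($s, "<p><a><br><b><u><i>");
}

// Encoding for an HTML text node or a double-quoted attribute value:
// < > & " ' all become entities, so nothing in the data is parsed as markup.
function html_encode(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encoding for a value placed inside a JavaScript string literal in an inline
// <script>: the HEX flags escape < > & and quotes, so "</script>" in the data
// cannot close the script block early.
function js_string_encode(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
                           | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// If user-supplied links must be rendered, allow-list the URL scheme instead
// of searching for the word "javascript". Anything that is not an absolute
// http(s) or mailto URL is rejected (null), the rest is HTML-encoded.
function safe_href(string $url): ?string
{
    return preg_match('~^(https?://|mailto:)~i', $url) === 1 ? html_encode($url) : null;
}

// Constructed payloads: no blacklisted substring, only allow-listed tags.
// "j&#97;v&#97;&#115;cript:" is entity-decoded by the browser to "javascript:".
$payloads = [
    '<b onmouseover="alert(1)">hover me</b>',
    '<a href="j&#97;v&#97;&#115;cript:alert(1)">click</a>',
];

foreach ($payloads as $p) {
    echo "input      : $p\n";
    echo "blacklist  : " . blacklist_clean($p) . "\n";
    echo "html_encode: " . html_encode($p) . "\n";
}

echo "js context : var name = " . js_string_encode('</script><b onmouseover="alert(1)">') . ";\n";
var_dump(safe_href('j&#97;v&#97;&#115;cript:alert(1)'));
var_dump(safe_href('https://example.com/?q=<b>'));
```

Run it with `php example.php` (PHP 7.3 or later for JSON_THROW_ON_ERROR). Both payloads come back from blacklist_clean byte-for-byte unchanged, while html_encode turns them into inert text. Keeping SQL escaping out of the HTML filter is deliberate: the same string may end up in an HTML body, an attribute, a script block and a query, and each of those needs its own encoding applied at the point of use, which is why the escape-then-stripslashes pair in the original function cancels itself out and protects neither context.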

Blinger1
15-04-2009, 05:37 AM
Uhh, anyone?

Source
15-04-2009, 12:39 PM
If you really want to be secure, your best option is to use:

http://www.phpclasses.org/browse/file/8941.html

It's a class that you parse things through; check the examples to get an understanding of how it works. I haven't yet tried it; I was only recently directed to this by caleb.
