Best way to prevent XSS +rep

~~Blinger1~~ · 12-04-2009, 09:14 AM

G'day everyone..

Quick question, what is the best way to prevent XSS?
Currently my code is

PHP Code:


function clean($s){
    
    $s = mysql_escape_string($s);

    //remove unwanted tags.
    $search = array("script" , "java", "<scr", "ipt>", "<>", ".location", "<!--", "<noscript", "</noscript>", "<param", "</param>", "<applet", "</applet>", "<meta", "<iframe", "</iframe>", "<form", "</form>");
    // replcae with dots
    $replace = "...";
    // perform the replacement
    $s = str_ireplace($search, $replace, $s);
    
    // strip tags too!
    $s = strip_tags($s, "<p><a><br><b><u><i><br />\r\n");
    
    $s = stripslashes($s);
    return $s;
}

but I feel there is a much better way.. Thanks everyone

+rep btw!

Moved by ReviewDude (Forum Moderator) from 'Coding & Programming'.

~~Blinger1~~ · 15-04-2009, 05:37 AM

Uhh, anyone?

Source · 15-04-2009, 12:39 PM

If you really want to be secure, your best option is to use:

http://www.phpclasses.org/browse/file/8941.html

Its a class that you parse things through, check the examples to get an understanding of how it works. I havn't yet tried it, I was only recently directed to this by caleb.

Thread: Best way to prevent XSS +rep

Thread Tools

Best way to prevent XSS +rep

Posting Permissions