G'day everyone..
Quick question, what is the best way to prevent XSS?
Currently my code isbut I feel there is a much better way.. Thanks everyonePHP Code:function clean($s){
$s = mysql_escape_string($s);
//remove unwanted tags.
$search = array("script" , "java", "<scr", "ipt>", "<>", ".location", "<!--", "<noscript", "</noscript>", "<param", "</param>", "<applet", "</applet>", "<meta", "<iframe", "</iframe>", "<form", "</form>");
// replcae with dots
$replace = "...";
// perform the replacement
$s = str_ireplace($search, $replace, $s);
// strip tags too!
$s = strip_tags($s, "<p><a><br><b><u><i><br />\r\n");
$s = stripslashes($s);
return $s;
}
+rep btw!
Moved by ReviewDude (Forum Moderator) from 'Coding & Programming'.
Results 1 to 3 of 3
Thread: Best way to prevent XSS +rep
-
Best way to prevent XSS +rep
Last edited by ReviewDude; 12-04-2009 at 11:27 AM.
-
Uhh, anyone?
-
If you really want to be secure, your best option is to use:
http://www.phpclasses.org/browse/file/8941.html
Its a class that you parse things through, check the examples to get an understanding of how it works. I havn't yet tried it, I was only recently directed to this by caleb.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts