Re: Preventing cross site scripting
Yes,
That would work for some basic tags that are static. Personally, I don't
like PHP... far too buggy and far too many security issues over its time
compared to alternatives such as Perl and C, so I'm not up to speed on all
the functions to appreciate its regexes, though it can use Perl regexes,
which is very cool (since they are the most versatile!).
--
Regards,
Tim Greer chatmaster@charter.net
Server administration, security, programming, consulting.
----- Original Message -----
From: "Mutellip Ablimit"
To: "Tim Greer"
Cc:
Sent: Thursday, June 19, 2003 9:40 PM
Subject: RE: Preventing cross site scripting
> This strip_tags($Text, "<allowed tag>"); will be helpful then. (4php)
tags.
> You can only verify "good" tags. To do otherwise, would be to blindly accept
> tags--there are no other alternatives to that logic. If you only enable good
> tags, you have control, and you don't have to check for bad tags--since you
> didn't enable them. Otherwise your logic goes into an endless loop and
Received on Fri Jun 20 08:40:22 2003
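
The "only enable good tags" approach from the thread, next to the `strip_tags()` call it mentions, as an added example that is not code from either poster. The function name `allow_static_tags`, the `ALLOWED_TAGS` list and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. ALLOWED_TAGS and allow_static_tags()
// are hypothetical names; the list holds only static, attribute-free tags.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br'];

/**
 * Allowlist filter: escape every character of the input first, then
 * re-enable only tags that match an allowed name exactly, with no
 * attributes. Anything not explicitly enabled stays inert text.
 */
function allow_static_tags(string $text, array $allowed = ALLOWED_TAGS): string
{
    // After this call no markup from the user is live.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Build an alternation of the allowed tag names.
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));

    // A bare tag now looks like "&lt;b&gt;" or "&lt;/b&gt;". A tag that
    // carries attributes has extra text before "&gt;" and does not match.
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
}

// Constructed sample input: an allowed tag carrying an event-handler
// attribute, a clean allowed tag, and a tag that is not on the list.
$input = '<b onmouseover="alert(1)">hi</b> <i>ok</i> <script>alert(2)</script>';

// strip_tags() removes tags that are not listed, but it leaves the
// attributes of the listed tags untouched, so the handler on <b> survives.
echo "strip_tags:        ", strip_tags($input, '<b><i>'), "\n";

// The allowlist filter only re-enables exact, attribute-free tags, so the
// <b ...> opener and the <script> element stay escaped.
echo "allow_static_tags: ", allow_static_tags($input), "\n";
```

Because the `<b ...>` opener stays escaped while its `</b>` is re-enabled, the output can contain unbalanced tags; balancing them is a separate step this sketch does not attempt.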