Tag Stripping Revisited.

    Date: 03/18/05 (PHP Community)    Keywords: php, html, java

    There were many valid comments on this thread. I've finally had time lately to address the problems with my article by uploading my InputFilter class to phpclasses.org.

    The Blurb:
    This class can filter input of stray or malicious PHP, JavaScript or HTML tags.
    It can be used to prevent cross-site scripting (XSS) attacks.

    It should be used to filter input supplied by the user, such as HTML code entered in form fields. You create the filter object, configure it with your own settings, then call its process method to clean the form input values.


    Example:
    allowed tags: em, br
    allowed attributes: title, selected

    before: I hope this g>worksg>,
    dont you?
    after: I hope this works,
    dont you?

    Source: http://www.livejournal.com/community/php/274745.html
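The allow-list idea described in the post (keep only named tags and attributes, drop everything else), as an added example that is not the InputFilter class's code and does not reproduce how that class works internally. It uses PHP's DOM extension; `filter_html()`, `clean_node()` and the sample input are constructed for illustration, with the allowed tags and attributes taken from the post's example.

```php
<?php
// Added example, not the InputFilter source: allow-list filtering with ext-dom.
// filter_html(), clean_node() and the sample input are constructed here.
function filter_html(string $input, array $tags, array $attrs): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);    // form input is rarely valid HTML
    // The XML prolog makes libxml read the bytes as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $input);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }           // fail closed if parsing gave no body
    clean_node($body, $tags, $attrs);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);          // text nodes are re-escaped here
    }
    return $out;
}

function clean_node(DOMNode $node, array $tags, array $attrs): void
{
    // Snapshot the children: the loop below mutates the tree.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }
        $name = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || $name === 'script' || $name === 'style') {
            $node->removeChild($child);          // comments, scripts and their content
            continue;
        }
        clean_node($child, $tags, $attrs);       // clean descendants first
        if (!in_array($name, $tags, true)) {
            while ($child->firstChild !== null) { // unwrap: keep children, drop the tag
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            if (!in_array(strtolower($attr->nodeName), $attrs, true)) {
                $child->removeAttributeNode($attr);
            }
        }
    }
}

$dirty = 'I hope this <em title="x" onclick="alert(1)">works</em>,<br><script>alert(2)</script><b>do not</b> you?';
echo filter_html($dirty, ['em', 'br'], ['title', 'selected']), PHP_EOL;
```

This filters by tag and attribute name only; if URL-bearing attributes such as `href` or `src` were added to the allow-list, their values would also need scheme validation.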
