 

XSS filtering function in PHP

Tags: php, xss, filter

Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to require prior knowledge of the contents of the input and I'm concerned that using something like HTML Purifier will have a big performance impact.

What about something like: http://snipplr.com/view/1848/php--sacar-xss/

Many thanks for any input.

asked Aug 26 '09 by codecowboy



1 Answer

Simple way? Use strip_tags():

$str = strip_tags($input); // removes HTML and PHP tags; text between/around them is returned unchanged

You can also use filter_var() for that:

$str = filter_var($input, FILTER_SANITIZE_STRING); // strips tags and encodes quotes; this filter is deprecated since PHP 8.1

The advantage of filter_var() is that you can control the behaviour by, for example, stripping or encoding low and high characters.

Here is a list of sanitizing filters.

answered Sep 29 '22 by cletus
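An added worked example, not code from the question or the answer above, that shows where tag stripping and output encoding differ. The `<input value="...">` template, the helper names (`encodeHtml`, `renderWithStripTags`, `renderWithEncoding`, `attributeIsIntact`) and every payload are constructed for this illustration; the only PHP built-ins used are `strip_tags()`, `htmlspecialchars()`, `filter_var()` with `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, and `preg_match()`.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original question or answer.
// The template and the payloads below are constructed for illustration.

/**
 * Output-encode a string for an HTML text node or a quoted attribute value.
 * ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
 * sequences instead of returning an empty string (which would silently drop data).
 */
function encodeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * The filter_var() form of the same encoding. FILTER_SANITIZE_FULL_SPECIAL_CHARS
 * is documented as equivalent to htmlspecialchars() with ENT_QUOTES;
 * FILTER_SANITIZE_STRING, by contrast, is deprecated since PHP 8.1.
 */
function encodeHtmlViaFilter(string $s): string
{
    return (string) filter_var($s, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}

/** A template that relies on strip_tags() alone (constructed "before" case). */
function renderWithStripTags(string $userInput): string
{
    return '<input type="text" value="' . strip_tags($userInput) . '">';
}

/** The same template, encoded for the attribute context at the point of output. */
function renderWithEncoding(string $userInput): string
{
    return '<input type="text" value="' . encodeHtml($userInput) . '">';
}

/**
 * Check: user data must still be confined to the value attribute, i.e. the
 * rendered markup contains exactly one attribute value and no raw quotes or
 * angle brackets inside it.
 */
function attributeIsIntact(string $html): bool
{
    return preg_match('/^<input type="text" value="[^"<>]*">$/', $html) === 1;
}

// Constructed payloads. The third one contains no tag at all, so strip_tags()
// returns it unchanged and it lands inside the attribute as live markup.
$payloads = [
    'plain text'      => 'hello world',
    'script tag'      => '<script>alert(1)</script>',
    'attribute break' => '" autofocus onfocus="alert(1)',
    'event handler'   => '<img src=x onerror=alert(1)>',
];

$strippedBroken = 0;
$encodedBroken  = 0;

foreach ($payloads as $name => $p) {
    $stripped = renderWithStripTags($p);
    $encoded  = renderWithEncoding($p);

    $strippedOk = attributeIsIntact($stripped);
    $encodedOk  = attributeIsIntact($encoded);
    $strippedBroken += $strippedOk ? 0 : 1;
    $encodedBroken  += $encodedOk ? 0 : 1;

    printf("== %s ==\n", $name);
    printf("strip_tags: %s  [%s]\n", $stripped, $strippedOk ? 'intact' : 'BROKEN');
    printf("encoded:    %s  [%s]\n", $encoded,  $encodedOk  ? 'intact' : 'BROKEN');
    printf("filter_var: %s\n", encodeHtmlViaFilter($p));
}

// Expected: strip_tags() breaks the attribute for the "attribute break"
// payload (1 BROKEN); output encoding keeps it intact for every payload (0 BROKEN).
printf("\nstrip_tags broke the attribute %d time(s); encoding broke it %d time(s).\n",
    $strippedBroken, $encodedBroken);
```

Run it with `php example.php`. The point it makes is that `strip_tags()` answers "does this contain tags?" while the XSS question is "can this data alter the markup it is placed into?": the `" autofocus onfocus="alert(1)` payload passes `strip_tags()` untouched because it has no tag, yet it closes the `value` attribute and injects an event handler. Encoding with `htmlspecialchars()` (or the `FILTER_SANITIZE_FULL_SPECIAL_CHARS` filter) at the output point, with `ENT_QUOTES` so both quote characters are covered, keeps every payload inert in both the text and the quoted-attribute context. Encoding is not the right tool for an unquoted attribute, a `javascript:` URL, or inline script, which need their own context-specific handling.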