WebApp Sec mailing list archives
RE: Preventing cross site scripting
From: "Mutellip Ablimit" <mutax () insi co jp>
Date: Fri, 20 Jun 2003 13:40:48 +0900
This strip_tags($Text, "<allowed tag>"); will be helpful then. (4php) Regards. ------------ Mutellip Ablimit mutax () insi co jp -----Original Message----- From: Tim Greer [mailto:chatmaster () charter net] Sent: Friday, June 20, 2003 1:03 PM To: Jeremiah Grossman; Mutellip Ablimit Cc: webappsec () securityfocus com Subject: Re: Preventing cross site scripting ----- Original Message ----- From: "Jeremiah Grossman" <jeremiah () whitehatsec com> To: "Mutellip Ablimit" <mutax () insi co jp> Cc: <webappsec () securityfocus com> Sent: Thursday, June 19, 2003 8:00 PM Subject: RE: Preventing cross site scripting
certainly, this is probably the best practice no matter the method. On Thu, 2003-06-19 at 19:46, Mutellip Ablimit wrote:How about apply a loop operation untill get rid of all <bad tag>s.
No, not the best method. This is illogical. You can't "check" for bad tags. You can only verify "good" tags. To do otherwise, would be to blindly accept tags--there are no other alternatives to that logic If you only enable good tags, you have control, and you don't have to check for bad tags--since you didn't enable them. otherwise your logic goes into an endless loop and you'll never be able to get past this problem. It will also make it unnecessarily complicated and inefficient, for such a simple task. -- Regards, Tim Greer chatmaster () charter net Server administration, security, programming, consulting.
Current thread:
- Re: Preventing cross site scripting, (continued)
- Re: Preventing cross site scripting Tim Greer (Jun 19)
- RE: Preventing cross site scripting Mutallip Ablimit (Jun 19)
- RE: Preventing cross site scripting Jeremiah Grossman (Jun 19)
- Re: Preventing cross site scripting Tim Greer (Jun 19)
- Re: Preventing cross site scripting Bob Lee (Jun 19)
- Re: Preventing cross site scripting Tim Greer (Jun 19)
- RE: Preventing cross site scripting David Cameron (Jun 19)
- Re: Preventing cross site scripting Tim Greer (Jun 19)
- RE: Preventing cross site scripting Jeremiah Grossman (Jun 19)
- Re: Preventing cross site scripting Tim Greer (Jun 20)
- RE: Preventing cross site scripting Mutellip Ablimit (Jun 20)
- Re: Preventing cross site scripting Tim Greer (Jun 20)
- Re: Preventing cross site scripting Tim Greer (Jun 20)