Vulnerability Development mailing list archives
CROSS SITE-SCRIPTING Protection with PHP
From: Astalavista Baby <info () astalavista com>
Date: 10 Oct 2002 23:41:34 -0000
Dear Vuln-Dev@,

I am searching for a robust and easy way to protect all the PHP sites against XSS attacks. I would like to see more and better ways?!

My idea: (I think this is not safe enough?)

    function make_clean($value) {
        $value = htmlspecialchars($value);
        $value = str_replace("%2B", "", $value);
        // ... more ...
        return $value;
    }

    // Run every request and session value through make_clean() and
    // assign the result to a variable named after its key.
    if (!empty($_GET)) {
        foreach ($_GET as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_POST)) {
        foreach ($_POST as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_SESSION)) {
        foreach ($_SESSION as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) { $$key = make_clean($value); }
    }

/IV/N
http://www.astalavista.net/
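Added example, not part of the original post: encoding each value for the context it is written into (HTML text or attribute, URL attribute, inline script), shown next to the post's htmlspecialchars() call with the default flags of the time. The helper names esc_html, esc_url, esc_js and legacy_clean and the sample values are assumptions made up for illustration.

```php
<?php
// Added example: encode at output, per context. Helper names are hypothetical.

// HTML text and quoted attribute values: escapes & < > " and '.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// href/src values: entity-encoding leaves a scheme such as javascript: intact,
// so allow only absolute http(s) URLs and fall back to '#'.
function esc_url(string $s): string {
    $s = trim($s);
    $scheme = parse_url($s, PHP_URL_SCHEME);
    $ok = is_string($scheme)
        && in_array(strtolower($scheme), ['http', 'https'], true);
    return esc_html($ok ? $s : '#');
}

// Data placed inside <script>: a JSON literal with < > & ' " hex-escaped.
function esc_js(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// The post's make_clean(), reduced to htmlspecialchars() with the default
// flags of the time (ENT_COMPAT): ' and URL schemes pass through unchanged.
function legacy_clean(string $s): string {
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// Constructed sample values standing in for request parameters. Read them
// explicitly; the post's $$key loop lets a request overwrite any variable.
$name = "Tom's <b>page</b>";
$link = "javascript:void(0)";

printf("legacy attr : <input value='%s'>\n", legacy_clean($name));
printf("encoded attr: <input value='%s'>\n", esc_html($name));
printf("legacy href : <a href=\"%s\">link</a>\n", legacy_clean($link));
printf("checked href: <a href=\"%s\">link</a>\n", esc_url($link));
printf("script data : <script>var n = %s;</script>\n", esc_js($name));
```

Comparing each legacy line with the one below it shows which characters a single input-time filter leaves active in a single-quoted attribute and in an href.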