Vulnerability Development mailing list archives

Re: CROSS SITE-SCRIPTING Protection with PHP


From: "M. Zeeshan Mustafa" <security () zeeshan net>
Date: Fri, 11 Oct 2002 10:48:13 +0600

You can refer to these sites as well for FAQs on secure coding.

http://www.cert.org/tech_tips/malicious_code_mitigation.html
http://www.perl.com/pub/a/2002/02/20/css.html

Regards,
-- 
M. Zeeshan Mustafa
Software Security Specialist & Architect
E: security () zeeshan net
C: +92(0)300-9249567
W: http://www.zeeshan.net

On Friday 11 October 2002 05:41 am, Astalavista Baby wrote:
::::: Dear Vuln-Dev@,
::::: 
::::: I am searching for a robust and easy way to protect all the PHP sites 
::::: against XSS attacks. I would like to see more and better ways?!
::::: 
::::: My idea: (I think this is not safe enough?)
::::: 
::::: function make_clean($value){
:::::   $value = htmlspecialchars($value);
:::::   $value = str_replace("%2B", "", $value);
:::::   // .... more ..
:::::   return $value;
::::: }
::::: 
::::: if (!empty($_GET)){
::::: foreach( $_GET as $key=>$value )
:::::  {$$key = make_clean($value);}
::::: }
::::: if (!empty($_POST)){
::::: foreach( $_POST as $key=>$value )
:::::  {$$key = make_clean($value);}
::::: }
::::: if (!empty($_SESSION)){
::::: foreach( $_SESSION as $key=>$value )
:::::  {$$key = make_clean($value);}
::::: }
::::: if (!empty($_COOKIE)){
::::: foreach( $_COOKIE as $key=>$value )
:::::  {$$key = make_clean($value);}
::::: }
::::: 
::::: 
::::: /IV/N
::::: http://www.astalavista.net/
::::: 
::::: 
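
An added example, not part of either post: one way to address the weaknesses of the quoted approach is to encode at the point of output for each context and to read parameters by name instead of importing them with `$$key`. The helper names (`e_html`, `e_url`, `e_js`, `param`) and the sample request are constructed for illustration.

```php
<?php
// Added example: encode per output context instead of rewriting
// $_GET/$_POST on input and copying every key into a variable with $$key.

// HTML text or a quoted attribute value. ENT_QUOTES encodes both ' and ",
// which a bare htmlspecialchars($value) did not do before PHP 8.1.
function e_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed inside a URL query string.
function e_url(string $s): string {
    return rawurlencode($s);
}

// A value embedded in an inline <script> block as a JavaScript literal.
// The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted text.
function e_js($v): string {
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Read one named parameter explicitly; nothing is created in the caller's
// scope, so a request cannot overwrite unrelated variables.
function param(array $src, string $name, string $default = ''): string {
    $v = $src[$name] ?? $default;
    return is_string($v) ? $v : $default;   // ignore array-valued input (name[]=...)
}

// Constructed sample request (stands in for $_GET).
$get = ['name' => 'O\'Reilly "<b>" & co', 'is_admin' => '1'];

$is_admin = false;            // application state; a $$key import loop would replace it
$name = param($get, 'name');  // only the parameter the page actually uses

echo '<p>Hello, ', e_html($name), "</p>\n";
echo "<input name='name' value='", e_html($name), "'>\n";
echo '<a href="/search?q=', e_url($name), "\">search</a>\n";
echo '<script>var name = ', e_js($name), ";</script>\n";
var_dump($is_admin);          // not influenced by the request's is_admin parameter
```

The raw value stays unmodified in storage and is encoded only when written into a page, so the same data can be emitted safely into HTML, a URL or script without double-encoding.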

