WebApp Sec mailing list archives
Re: Preventing cross site scripting
From: Matt Rohrer <matt () prognostikos com>
Date: Fri, 20 Jun 2003 01:43:46 -0700
On Thu, Jun 19, 2003 at 07:28:06PM +0100, Andrew Beverley wrote:
> I am currently writing a web application that, as a small part of it, needs to display an email message. Obviously the message is potentially in HTML format, which to display could be sent straight to the browser.
> [...]
> Are there any functions available (for PHP) that will take an HTML page as input and strip out all nasty stuff? Does anyone have suggestions as to how to do this as easily as possible?

<http://www.mricon.com/html/phpfilter.html> is supposedly the filtering code used by SquirrelMail. It seems to be fairly robust.

Matt