Dear Vuln-Dev@,

I am searching for a robust and easy way to protect all the PHP sites against XSS attacks. I would like to see more and better ways?!

My idea: (I think this is not safe enough?)

    function make_clean($value) {
        // Encode HTML special characters, then strip the literal "%2B"
        $value = htmlspecialchars($value);
        $value = str_replace("%2B", "", $value);
        // .... more ..
        return $value;
    }

    // Copy every request/session value into a variable named after its key
    if (!empty($_GET)) {
        foreach ($_GET as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_POST)) {
        foreach ($_POST as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_SESSION)) {
        foreach ($_SESSION as $key => $value) { $$key = make_clean($value); }
    }
    if (!empty($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) { $$key = make_clean($value); }
    }

/IV/N
http://www.astalavista.net/
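Added example, not part of the original post: the same goal approached by escaping each value at output time for the context it is written into, rather than filtering all input once. The helper names e_html, e_js and e_url and the sample input are constructed for illustration; PHP 7.3 or later is assumed.

```php
<?php
// Added example (PHP 7.3+). Helper names e_html/e_js/e_url are hypothetical.
// Values are read from the input array where they are used and escaped for
// the context they are written into. Copying request keys into variables
// with $$key would let a request overwrite any variable in scope.

// HTML element content and quoted attribute values.
function e_html(string $s): string
{
    // ENT_QUOTES also encodes single quotes; before PHP 8.1 the default
    // flags of htmlspecialchars() left them unencoded.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value written into an inline <script> block as a JavaScript literal.
function e_js($v): string
{
    // The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX so the literal
    // cannot close the script element or the surrounding string.
    return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// href/src values: accept only absolute http(s) URLs, then HTML-escape.
function e_url(string $s): string
{
    $scheme = strtolower((string) parse_url($s, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e_html($s) : '#';
}

// Constructed sample input standing in for $_GET.
$input = [
    'name' => "O'Reilly <b>& Sons</b>",
    'home' => 'javascript:alert(1)',
];

echo '<p>Hello, ' . e_html($input['name']) . "</p>\n";
echo "<input name='name' value='" . e_html($input['name']) . "'>\n";
echo '<a href="' . e_url($input['home']) . "\">home</a>\n";
echo '<script>var name = ' . e_js($input['name']) . ";</script>\n";
```

Because the stored value is left unmodified, the same string can still be written to a database, a log or a plain-text e-mail without carrying HTML entities along.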
This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 16:59:53 PDT