You can refer to these sites as well for FAQs on secure coding.

http://www.cert.org/tech_tips/malicious_code_mitigation.html
http://www.perl.com/pub/a/2002/02/20/css.html

Regards,
--
M. Zeeshan Mustafa
Software Security Specialist & Architect
E: securityat_private
C: +92(0)300-9249567
W: http://www.zeeshan.net

On Friday 11 October 2002 05:41 am, Astalavista Baby wrote:
::::: Dear Vuln-Dev@,
:::::
::::: I am searching for a robust and easy way to protect all the PHP sites
::::: against XSS attacks. I would like to see more and better ways?!
:::::
::::: My idea: (I think this is not safe enough?)
:::::
::::: function make_clean($value){
:::::     $value = htmlspecialchars($value);
:::::     $value = str_replace("%2B", "", $value);
:::::     .... more ..
:::::     return $value;
::::: }
:::::
::::: if (!empty($_GET)){
:::::     foreach( $_GET as $key=>$value )
:::::     {$$key = make_clean($value);}
::::: }
::::: if (!empty($_POST)){
:::::     foreach( $_POST as $key=>$value )
:::::     {$$key = make_clean($value);}
::::: }
::::: if (!empty($_SESSION)){
:::::     foreach( $_SESSION as $key=>$value )
:::::     {$$key = make_clean($value);}
::::: }
::::: if (!empty($_COOKIE)){
:::::     foreach( $_COOKIE as $key=>$value )
:::::     {$$key = make_clean($value);}
::::: }
:::::
:::::
::::: /IV/N
::::: http://www.astalavista.net/
:::::
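
An added example, not part of the original thread: instead of rewriting every request array on input, leave the data untouched and escape it at the point of output for the context it lands in, reading parameters by name rather than through `$$key`, which lets a request overwrite any variable already in scope. The helper names (`h`, `attr_url`, `js_value`, `param`) and the sample request are assumptions made for illustration, and UTF-8 pages are assumed.

```php
<?php
// Added example: context-specific output escaping. Helper names are hypothetical.

// HTML text nodes and quoted attribute values.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL placed in href/src: HTML escaping alone does not stop a non-http scheme,
// so allow only http(s) first. Relative URLs are rejected in this sketch.
function attr_url(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? h($url) : '#';
}

// Value embedded in an inline <script> block: JSON with <, >, &, ' and " hex-escaped.
function js_value($v): string {
    return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE);
}

// Fetch one parameter by name; array-valued parameters fall back to the default.
function param(array $src, string $key, string $default = ''): string {
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : $default;
}

// Constructed sample request (stands in for $_GET).
$get = [
    'name'     => 'Tom & "Jerry" <b>',
    'site'     => 'javascript:void(0)',
    'is_admin' => '1',   // with the $$key loop this would overwrite $is_admin
];

$is_admin = false;                 // stays false: nothing is extracted into scope
$name = param($get, 'name');
$site = param($get, 'site');

echo '<p>Hello, ' . h($name) . "</p>\n";
echo '<a href="' . attr_url($site) . '">home page</a>' . "\n";
echo '<script>var userName = ' . js_value($name) . ";</script>\n";
echo 'is_admin: ' . var_export($is_admin, true) . "\n";
```

The stored and processed values stay unmodified, so the same data can later be written to a database or a plain-text e-mail without carrying HTML entities that were only meaningful for one output context.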
This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 14:31:08 PDT