Vulnerability Development
mailing list archives
Re: CROSS SITE-SCRIPTING Protection with PHP
From: "M. Zeeshan Mustafa" <security () zeeshan net>
Date: Fri, 11 Oct 2002 10:48:13 +0600
You can refer to these sites as well for FAQs on secure coding.
http://www.cert.org/tech_tips/malicious_code_mitigation.html
http://www.perl.com/pub/a/2002/02/20/css.html
Regards,
--
M. Zeeshan Mustafa
Software Security Specialist & Architect
E: security () zeeshan net
C: +92(0)300-9249567
W: http://www.zeeshan.net
On Friday 11 October 2002 05:41 am, Astalavista Baby wrote:
::::: Dear Vuln-Dev@,
:::::
::::: I am searching for a robust and easy way to protect all the PHP sites
::::: against XSS attacks. I would like to see more and better ways?!
:::::
::::: My idea: (I think this is not safe enough?)
:::::
::::: function make_clean($value){
::::: $value = htmlspecialchars($value);
::::: $value = str_replace("%2B", "", $value);
::::: .... more ..
::::: return $value;
::::: }
:::::
::::: if (!empty($_GET)){
::::: foreach( $_GET as $key=>$value )
::::: {$$key = make_clean($value);}
::::: }
::::: if (!empty($_POST)){
::::: foreach( $_POST as $key=>$value )
::::: {$$key = make_clean($value);}
::::: }
::::: if (!empty($_SESSION)){
::::: foreach( $_SESSION as $key=>$value )
::::: {$$key = make_clean($value);}
::::: }
::::: if (!empty($_COOKIE)){
::::: foreach( $_COOKIE as $key=>$value )
::::: {$$key = make_clean($value);}
::::: }
:::::
:::::
::::: /IV/N
::::: http://www.astalavista.net/
:::::
:::::
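
An added example (not code from this thread or its posters) of the alternative to cleaning every input once at the top of the script: read parameters by name rather than through `$$key`, and encode at output for the context the value lands in. The helper names `param`, `e_html`, `e_js` and `e_href` and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; helper names are hypothetical.

// Read one parameter by name. Importing every key with $$key lets a request
// set any variable in scope, so nothing is imported in bulk here.
function param(array $source, string $key): string
{
    $value = $source[$key] ?? '';
    // name[]=x arrives as an array; anything that is not a string is dropped.
    return is_string($value) ? $value : '';
}

// HTML element content and quoted attribute values.
function e_html(string $s): string
{
    // ENT_QUOTES also encodes the single quote, for single-quoted attributes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed inside a <script> block, emitted as a JS string literal.
function e_js(string $s): string
{
    // The JSON_HEX_* flags keep <, >, &, ' and " out of the literal, so the
    // value cannot end the string or the script element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($s, $flags | JSON_THROW_ON_ERROR);
}

// A link target: allow only absolute http(s) URLs, then HTML-encode.
function e_href(string $s): string
{
    $scheme = strtolower((string) parse_url($s, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e_html($s) : '#';
}

// Constructed sample input standing in for $_GET.
$get = ['name' => '<b>"x"</b>', 'next' => 'javascript:void(0)', 'q' => ['a']];

$name = param($get, 'name');
$next = param($get, 'next');
$q    = param($get, 'q');   // array input becomes ''

echo '<p>Hello, ' . e_html($name) . "</p>\n";
echo '<a href="' . e_href($next) . "\">continue</a>\n";
echo '<script>var name = ' . e_js($name) . ";</script>\n";
echo "<input name='q' value='" . e_html($q) . "'>\n";
```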