[nycphp-talk] sanitizing user-submitted html
Hans Zaunere
zaunere at yahoo.com
Sat May 31 15:42:34 EDT 2003
--- Chris Snyder <chris at psydeshow.org> wrote:
> strip_attributes() now loops back over the html, checking for new exploits
> created by the replacements. If any are found it decides the post is
> malicious and strips all HTML tags.
>
> Same thing with the src='javascript: checks in safe_html().
>
> http://chxo.com/scripts/safe_html-test.php
>
>
> Hooray, I can let people post HTML to my sites again! Unless you find
> another hole in this, James...
Ooo, great thread. pcoms.net is in a shaky state, but I should get it
straightened out tonight so this pCom can get submitted. Thanks Chris!
H
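The re-check Chris describes, as an added illustration for this thread rather than his actual strip_attributes()/safe_html() code: it assumes a first pass that deletes known attribute names and the "javascript:" scheme by plain substring removal (the list of tokens, the regexes in count_unsafe(), and the sample posts are all constructed for the example), then scans the result a second time and, if that scan finds anything, treats the post as malicious and strips every tag.

```php
<?php
// Added example for this thread; it is not Chris Snyder's strip_attributes()
// or safe_html() code. Assumption: the first pass deletes known attribute
// names and the "javascript:" scheme by plain substring removal, and a
// second scan catches anything that removal left behind or newly formed.

// Tokens removed on the first pass (assumed list, kept short for the example).
const UNSAFE_TOKENS = ['onclick', 'onload', 'onerror', 'onmouseover', 'javascript:'];

// First pass: delete the tokens wherever they occur. str_ireplace() makes a
// single left-to-right sweep, so removing "onclick" from "ononclickclick"
// leaves "onclick" behind: that is the kind of new hole the re-check exists for.
function strip_attributes_once(string $html): string
{
    return str_ireplace(UNSAFE_TOKENS, '', $html);
}

// Second scan: does the result still look like an event-handler attribute
// or a javascript: URL in src/href? Simplified patterns, assumed for the
// example; a production filter should parse the markup rather than regex it.
function count_unsafe(string $html): int
{
    $hits  = preg_match_all('/\bon\w+\s*=/i', $html);
    $hits += preg_match_all('/\b(?:src|href)\s*=\s*["\']?\s*javascript:/i', $html);
    return $hits;
}

// The rule from the thread: strip once, look again, and if the second look
// finds anything, decide the post is malicious and drop every tag.
function safe_html_example(string $html): array
{
    $cleaned = strip_attributes_once($html);
    if (count_unsafe($cleaned) > 0) {
        return ['html' => strip_tags($cleaned), 'malicious' => true];
    }
    return ['html' => $cleaned, 'malicious' => false];
}

// Constructed samples: an ordinary post, one with a plain handler attribute,
// and two where the removal itself reassembles the forbidden token.
$samples = [
    '<p>Hello <a href="http://example.com/">world</a></p>',
    '<img src="x.png" onclick="x">',
    '<img src="x.png" ononclickclick="x">',
    '<a href="javajavascript:script:x">link</a>',
];

foreach ($samples as $in) {
    $out = safe_html_example($in);
    printf("%-45s => %s  [%s]\n", $in, $out['html'],
        $out['malicious'] ? 'malicious, tags stripped' : 'ok');
}
```

Run it with `php` on the command line: the first two samples pass through (the second loses its handler attribute on the first pass), while the last two survive the first pass with a working "onclick" and "javascript:" and so fall through to strip_tags(). The design point is that the second scan is a different check from the first pass, a pattern match rather than a token deletion, so a post whose evasion depends on how the deletion behaves has nothing to play against.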