[nycphp-talk] User Input Data scrubbing
Chris Shiflett
shiflett at php.net
Fri Nov 28 15:50:19 EST 2008
On Nov 28, 2008, at 15:40, Michele Waldman wrote:
> I'm looking at two separate issues right now: SQL injection and HTML
> injection.
>
> But, I think you can kill two birds with one stone.
Not if you want to adhere to best practices. XSS is not something you
can remove. It's the result of sloppy programming.
On my blog, XSS is talked about a lot, so many of the comments might
appear to be XSS attacks. I haven't (yet) had a vulnerability in my
comment code, despite being a constant target for attack, and despite
the fact that I don't remove any part of anyone's comment.
There's a lot of misinformation out there, so tread carefully.
Chris
--
Chris Shiflett
http://shiflett.org/
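The point Chris makes above, that SQL injection and HTML injection are two different output contexts rather than one input-scrubbing problem, is easy to see in code. The following is an added example written for this thread, not Chris's code and not from his blog software. It assumes an in-memory SQLite database reachable through PDO and a hypothetical `comments` table created by the script itself, so it runs offline; the sample comment is constructed.

```php
<?php
// Added example (not from the original thread): treat SQL and HTML as two
// separate output contexts instead of "scrubbing" input once for both.
// Assumes a SQLite-backed PDO connection and a hypothetical "comments"
// table; both are created here so the script runs offline.

declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// SQL context: a prepared statement passes the comment as data, so the text
// is stored exactly as submitted. Nothing is removed from the comment.
function storeComment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadComment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? '' : (string) $body;
}

// HTML context: escaping happens at output time, with flags matching the
// document's charset and quoting rules. The stored comment stays intact.
function renderCommentHtml(string $body): string
{
    return '<p class="comment">'
        . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8')
        . '</p>';
}

// Constructed sample: a comment containing markup and quotes, the kind of
// text a blog that discusses XSS receives all the time.
$pdo = openDb();
$sample = "Try <b>bold</b> and a quote: it's \"quoted\"";
$id = storeComment($pdo, $sample);
$stored = loadComment($pdo, $id);

assert($stored === $sample); // the database round-trip is lossless
echo renderCommentHtml($stored), PHP_EOL;
```

The database never sees the comment as SQL because the prepared statement keeps it as a bound parameter, and the browser never sees it as markup because `htmlspecialchars` encodes it for the HTML context at render time. If the same comment were later emitted into a JavaScript string or a URL, it would need that context's encoding instead, which is why a single input filter cannot stand in for both steps.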