PHP file to help prevent many common XSS attack vectors

We have been trying to prevent this for some time with different approaches.
For example, we allow only certain tags in comments (with the help of
strip_tags()), we don't make links clickable, and we use tidy for further
clean-up, but we also wrote a small method that tries to clean the
most common exploit attempts with some preg magic. But I doubt that we
catch every possible exploit…

The source code of the method can be found here, and you can test it out at http://php5.bitflux.org/xss.php.
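The two-layer clean-up described above, as an added example (this is not the Bitflux method whose source is linked in the post): strip_tags() with a tag allowlist, followed by a DOM pass that removes the attributes strip_tags() leaves on the tags it keeps. The tag, attribute and URL-scheme lists are an assumed policy, and unlike the post's setup this policy does allow `<a href>` with http(s) targets.

```php
<?php
// Added example (not the Bitflux code): an allowlist comment sanitizer.
// Pass 1 uses strip_tags() as the post describes; pass 2 walks the DOM
// because strip_tags() keeps every attribute on the tags it allows.
declare(strict_types=1);

// Assumed policy, not the post's: these tags, only <a href>, http(s) links.
const ALLOWED_TAGS    = ['b', 'i', 'em', 'strong', 'p', 'code', 'a'];
const ALLOWED_ATTRS   = ['a' => ['href']];
const ALLOWED_SCHEMES = ['http', 'https'];

/** True when $url carries an explicit scheme listed in ALLOWED_SCHEMES. */
function isSafeHref(string $url): bool
{
    // Browsers skip control characters and whitespace in front of the
    // scheme, so remove them before inspecting it.
    $clean  = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    $scheme = parse_url($clean, PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ALLOWED_SCHEMES, true);
}

function sanitizeComment(string $html): string
{
    // Pass 1: drop every tag outside the allowlist (script, style, img, ...).
    // Note that strip_tags() keeps the text inside a removed tag.
    $html = strip_tags($html, '<' . implode('><', ALLOWED_TAGS) . '>');

    // Pass 2: parse the fragment. The DOM hands back decoded attribute
    // values, so an entity-encoded scheme cannot slip past isSafeHref().
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_use_internal_errors($prev);
    $wrapper = $doc->getElementsByTagName('div')->item(0);

    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//*', $wrapper)) as $el) {
        $tag = strtolower($el->tagName);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            // Defence in depth: should not happen after strip_tags().
            $el->parentNode->removeChild($el);
            continue;
        }
        $allowed = ALLOWED_ATTRS[$tag] ?? [];
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, $allowed, true)
                || ($name === 'href' && !isSafeHref($attr->value))) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    // Serialise only the wrapper's children; text nodes come back escaped.
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample comment exercising each rule: an event-handler
// attribute on an allowed tag, a disallowed tag, a non-http link scheme
// and a link that passes the policy.
$sample = 'Hi <b onmouseover="x()">there</b> <script>bad()</script>'
        . ' <a href="javascript:y()">one</a> <a href="https://example.org">two</a>';
echo sanitizeComment($sample), PHP_EOL;
```

The point of the second pass is the limitation the post hints at: strip_tags() decides only which tags survive, not what those tags carry, and a regex over the raw markup has to guess at encodings that the HTML parser resolves for free. Whatever the allowlist looks like, the output should still be inserted into a page whose character encoding is declared, since the DOM pass above assumes UTF-8.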

Bitflux Blog :: XSS – How we try to prevent it.
