anti-XSS system (1)

Date 2006-06-20 13:16:00 | Category: PHP

I've found a much better anti-XSS system, like a "Big umbrella".

1. Check for doubtful requests (e.g. "<script") at the top of the application.
2. If such requests exist, push an output filter with ob_start().
3. Otherwise no ob_start() is pushed (so there is no performance cost).
4. In the filter, check whether the registered doubtful requests appear in the HTML about to be output.
5. If they do, die().

I'll write the code in (2).
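
A sketch of the five steps above, added here as an illustration and not the author's code. The function names, the one-entry pattern list and the sample request are assumptions, and the filter returns a refusal body from the callback in place of calling die().

```php
<?php
// Added example: names and the pattern list are assumptions, not the author's code.
const DOUBTFUL_PATTERNS = ['<script'];   // the post names only "<script"

// Step 1: collect request values (nested arrays included) that contain a doubtful pattern.
function collect_doubtful(array $input): array
{
    $found = [];
    array_walk_recursive($input, function ($value) use (&$found) {
        foreach (DOUBTFUL_PATTERNS as $pattern) {
            if (stripos((string) $value, $pattern) !== false) {
                $found[] = (string) $value;
                return;
            }
        }
    });
    return $found;
}

// Steps 4-5: if a registered value appears verbatim in the page, send a refusal instead.
function umbrella_filter(string $html, array $doubtful): string
{
    foreach ($doubtful as $value) {
        if (strpos($html, $value) !== false) {
            if (!headers_sent()) {
                http_response_code(400);
            }
            return 'Request rejected.';
        }
    }
    return $html;
}

// Constructed sample request for the command line; a web request uses the superglobals.
$request = PHP_SAPI === 'cli'
    ? ['q' => '<script>alert(1)</script>', 'page' => '2']
    : array_merge($_GET, $_POST, $_COOKIE);

$doubtful = collect_doubtful($request);
if ($doubtful) {
    // Step 2: only doubtful requests pay for output buffering (step 3: others skip it).
    ob_start(function (string $html) use ($doubtful): string {
        return umbrella_filter($html, $doubtful);
    });
}

// Stand-in for the application's page rendering: one escaped and one raw reflection.
$q = is_string($request['q'] ?? null) ? $request['q'] : '';
echo '<p>Escaped: ' . htmlspecialchars($q) . '</p>';
echo '<p>Raw: ' . $q . '</p>';   // deliberately unescaped so the filter fires
```

Output that was escaped with htmlspecialchars() no longer contains the raw request value, so only a verbatim reflection stops the page. Values that the application transforms before echoing, or that come from storage and not from the current request, are outside what this check can see.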





You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=126