anti-XSS system (1)
Date 2006-06-20 13:16:00 | Category: PHP
I've found a much better anti-XSS system, like a "Big umbrella".

1. Check for doubtful requests (e.g. "<script") at the top of the application.
2. If such requests exist, push an output filter with ob_start().
3. Otherwise no ob_start() is pushed (= performance safe).
4. Check whether the registered doubtful requests appear in the HTML about to be output.
5. If they do, die().

I'll write the code in (2)
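
The five steps above as an added sketch, not the author's code from part (2). The pattern list and the function names `collect_doubtful` and `make_output_guard` are assumptions, and the filter returns a short body from the output callback in place of the post's die().

```php
<?php
// Added example; names and patterns are assumptions, not from the post.

// Step 1: collect request values that look like markup injection.
function collect_doubtful(array $input, array &$found): void
{
    // Assumed pattern list; the post only names "<script".
    $patterns = ['/<script/i', '/\bon\w+\s*=/i', '/javascript:/i'];
    foreach ($input as $value) {
        if (is_array($value)) {          // e.g. ?a[]=... style parameters
            collect_doubtful($value, $found);
            continue;
        }
        foreach ($patterns as $p) {
            if (preg_match($p, (string) $value)) {
                $found[] = (string) $value;
                break;
            }
        }
    }
}

// Steps 4 and 5: block the page if a doubtful value is reflected verbatim.
function make_output_guard(array $doubtful): callable
{
    return function (string $html) use ($doubtful): string {
        foreach ($doubtful as $value) {
            if (strpos($html, $value) !== false) {
                if (!headers_sent()) {
                    http_response_code(400);
                }
                // The callback's return value becomes the response body.
                return 'Request blocked.';
            }
        }
        return $html; // value was escaped or never echoed: pass through
    };
}

$doubtful = [];
foreach ([$_GET, $_POST, $_COOKIE] as $source) {
    collect_doubtful($source, $doubtful);
}

// Steps 2 and 3: buffer only when something doubtful was sent.
if ($doubtful !== []) {
    ob_start(make_output_guard($doubtful));
}
```

A value that the application escapes with htmlspecialchars() no longer matches byte for byte, so correctly escaped pages pass through; the filter only catches raw reflection and does not replace output escaping.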