From: M. Zeeshan Mustafa (security_at_zeeshan.net)
Date: Thu Oct 10 2002 - 23:48:13 CDT


    You can refer to these sites as well for FAQs on secure coding.

    http://www.cert.org/tech_tips/malicious_code_mitigation.html
    http://www.perl.com/pub/a/2002/02/20/css.html

    Regards,

    -- 
    M. Zeeshan Mustafa
    Software Security Specialist & Architect
    E: securityzeeshan.net
    C: +92(0)300-9249567
    W: http://www.zeeshan.net
    

    On Friday 11 October 2002 05:41 am, Astalavista Baby wrote:
    ::::: Dear Vuln-Dev,
    :::::
    ::::: I am searching for a robust and easy way to protect all the PHP sites
    ::::: against XSS attacks. I would like to see more and better ways ?!
    :::::
    ::::: My idea: ( I think this is not safe enough?)
    :::::
    ::::: function make_clean($value){
    :::::   $value = htmlspecialchars($value);
    :::::   $value = str_replace("%2B", "", $value);
    :::::   // .... more ..
    :::::   return $value;
    ::::: }
    :::::
    ::::: if (!empty($_GET)){
    :::::   foreach( $_GET as $key=>$value )
    :::::   {$$key = make_clean($value);}
    ::::: }
    ::::: if (!empty($_POST)){
    :::::   foreach( $_POST as $key=>$value )
    :::::   {$$key = make_clean($value);}
    ::::: }
    ::::: if (!empty($_SESSION)){
    :::::   foreach( $_SESSION as $key=>$value )
    :::::   {$$key = make_clean($value);}
    ::::: }
    ::::: if (!empty($_COOKIE)){
    :::::   foreach( $_COOKIE as $key=>$value )
    :::::   {$$key = make_clean($value);}
    ::::: }
    :::::
    ::::: /IV/N
    ::::: http://www.astalavista.net/
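
An added example, not part of the original thread: escaping at the point of output, once per output context, instead of running `htmlspecialchars()` over all input as the quoted `make_clean()` does. The helper names (`esc_html`, `esc_url_param`, `esc_js`, `param`) and the sample request are constructed for illustration, and the code assumes PHP 7.3 or later.

```php
<?php
// Added example; helper names are hypothetical and the request data is constructed.

// HTML text and quoted attribute values. ENT_QUOTES encodes ' as well as ",
// and the explicit charset keeps the encoder and the page encoding in agreement.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A single URL query component.
function esc_url_param(string $s): string {
    return rawurlencode($s);
}

// A JavaScript string literal inside a <script> block. The JSON_HEX_* flags
// turn <, >, &, ' and " into \uXXXX escapes so the value cannot close the
// literal or the surrounding script element.
function esc_js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Read one named parameter explicitly. Copying every request key into a
// variable with $$key lets a request overwrite any variable in scope.
function param(array $src, string $name, string $default = ''): string {
    $v = $src[$name] ?? $default;
    return is_string($v) ? $v : $default; // ignore array-valued input (name[]=x)
}

// Constructed sample standing in for $_GET.
$get = ['name' => "O'Brien <b>", 'q' => 'a&b=c d'];

$name = param($get, 'name'); // stored and processed raw, escaped only on output
$q    = param($get, 'q');

echo "<p>Hello, " . esc_html($name) . "</p>\n";
echo "<input type='text' value='" . esc_html($name) . "'>\n";
echo '<a href="/search?q=' . esc_url_param($q) . '">search</a>' . "\n";
echo "<script>var name = " . esc_js($name) . ";</script>\n";
```

Before PHP 8.1, `htmlspecialchars()` called with its defaults left single quotes unencoded, so the single-quoted `value='...'` attribute is a case the one-argument call in `make_clean()` does not cover. HTML-escaping at input time also gives the wrong encoding for the URL and script contexts shown in the last two lines.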