WebApp Sec mailing list archives
Re: PHP variable sanitization functions
From: Jean-Jacques Halans <jj () halans be>
Date: Fri, 29 Aug 2003 08:18:37 +0200
Another related sourceforge project: http://sourceforge.net/projects/kses

"kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks."
Halans Jean-Jacques

Gavin Zuchlinski wrote:

> The script has been updated again; I tried to update it with the suggestions everyone had mentioned. Just a note on my thinking behind creating these functions though (because a few of you noted there are similar functions already in PHP):
>
> (1) I wanted to make functions that could be easily ported to other languages, mainly Perl, which is why I used regex.
>
> (2) I wanted to unify sanitization a bit more (with naming and usage), since PHP's functions are stuck all around in every little corner.
>
> On the note of (1), I will be translating all the functions over to Perl some time in the next few days; I will send a post out to the list when this is done.
>
> Thanks to the interest of everyone, a few of the people from this list (Jamie Pratt, hokkaido () serverart org, and myself) are going to be moving the project over to sourceforge and continue development of it there.
>
> Gavin Zuchlinski
> http://libox.net/
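An added example, written for this archive page and not taken from kses or from the thread: a small allow-list HTML filter of the kind the kses description above refers to (remove elements and attributes that are not on the list, check attribute values, refuse oversized input). The policy array, the function names and the 64 KiB limit are assumptions chosen for illustration.

```php
<?php
// Added example (not kses's own code). Assumed policy: only <a>, <b>, <i>, <p>
// survive; <a> may carry href; href must carry an http(s) or mailto scheme.
function policy(): array {
    return ['a' => ['href' => true], 'b' => [], 'i' => [], 'p' => []];
}
// Value check for an allowed attribute; false means "drop the attribute".
function attr_ok(string $name, string $value): bool {
    if ($name === 'href') {
        // Remove control/whitespace bytes that can disguise a scheme, then require a safe one.
        $v = strtolower(preg_replace('/[\x00-\x20]+/', '', $value));
        return (bool) preg_match('#^(https?:|mailto:)#', $v);
    }
    return true;
}
// Rebuild one tag from its parts, keeping only allowed attributes.
function filter_tag(array $m): string {
    $tag = strtolower($m[2]);
    $allowed = policy();
    if (!isset($allowed[$tag])) {
        return '';                        // element not on the list: remove it
    }
    if ($m[1] === '/') {
        return "</$tag>";
    }
    $out = "<$tag";
    // name="v" | name='v' | name=v  (valueless attributes are simply dropped)
    preg_match_all('/([a-zA-Z][\w:-]*)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))/',
                   $m[3], $attrs, PREG_SET_ORDER);
    foreach ($attrs as $a) {
        $name  = strtolower($a[1]);
        $value = ($a[2] ?? '') . ($a[3] ?? '') . ($a[4] ?? ''); // only one is non-empty
        if (isset($allowed[$tag][$name]) && attr_ok($name, $value)) {
            $out .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
        }
    }
    return $out . '>';
}
function kses_like(string $html): string {
    if (strlen($html) > 65536) {           // the filter itself must not be a DoS vector
        throw new LengthException('input too large');
    }
    // A '<' that does not start a complete tag-like token is literal text: escape it.
    $html = preg_replace('/<(?!\/?[a-zA-Z][^>]*>)/', '&lt;', $html);
    // Every remaining <...> is a tag: rebuild it from the allow list or drop it.
    return preg_replace_callback('/<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/', 'filter_tag', $html);
}
echo kses_like('<p onclick="x()">hi <a href=" javascript:alert(1)">x</a><script>evil()</script></p>'), "\n";
```

Text between tags passes through unchanged, so this is a tag and attribute filter, not a full HTML parser; a `>` inside a quoted attribute value would end the tag early.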