Anti XSS Filter PHP

Printable View

Show 100 post(s) from this thread on one page

13-03-12
Joopie

Re: Anti XSS Filter PHP

What about strip_tags/htmlentries/real escape string

We don't need that hardcore function of you?

Also, Where is that post of kryptos, I wanna like it ;x

Edit: forgot filter_var...
13-03-12
azaidi

Re: Anti XSS Filter PHP

Quote:

Originally Posted by pepijndut

Owh okay.. What is XSS :P
I don't know anything about security xD

Pepijn =D

Javascript exploits like putting <script>alert('You suck')</script> in your motto in the client and then go to the Online Users page and look at your motto. If it isn't filtered it would give you an alert "You suck".
13-03-12
nickymonsma

Re: Anti XSS Filter PHP

True :p;P:P:P:P:P:P:P:P:P:P:P:P:P:P
13-03-12
leenster

Quote:

Originally Posted by azaidi

Javascript exploits like putting <script>alert('You suck')</script> in your motto in the client and then go to the Online Users page and look at your motto. If it isn't filtered it would give you an alert "You suck".

You can also do that with room descriptions if your cms shows your rooms.
Posted via Mobile Device
13-03-12
pepijndut

Re: Anti XSS Filter PHP

Thanks everyone =D. I now know what XSS is :P

Pepijn =D
14-03-12
azaidi

Re: Anti XSS Filter PHP

Quote:

Originally Posted by leenster

You can also do that with room descriptions if your cms shows your rooms.
Posted via Mobile Device

There are some more things but the motto exploit is the most important one.
14-03-12
Pure

Re: Anti XSS Filter PHP

i hurd u no like indents or whitespace
15-03-12
djboetz

Re: Anti XSS Filter PHP

XSS may refer to:
Cross-site scripting, a vulnerability in web applications which attackers may exploit to steal users' information
XSS file, a Microsoft Visual Studio Dataset Designer Surface Data file
Assan language, has the ISO 639-3 code xss
17-03-12
EvilCoder

Re: Anti XSS Filter PHP

This is real crap.

You practicly stole this injection filter from web, and its so useless.

Code:

foreach($_GET as $key => $value){ $_GET[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); } foreach($_POST as $key => $value){ $_POST[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); } foreach($_REQUEST as $key => $value){ $_REQUEST[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); }

Past this in your config.php file. And you're done. That is all useless crap.

Quote:

Originally Posted by joopie

What about strip_tags/htmlentries/real escape string

We don't need that hardcore function of you?

Also, Where is that post of kryptos, I wanna like it ;x

Edit: forgot filter_var...

Agree. He is just reposting functions with some function.

WTH?! Nothing is even calling the function: function RemoveXSS($val).....
You're really dumb with PHP. You need to call the function if you add it.

omg?!?!. This guy thinks php does all the work itself >_<'

Show 100 post(s) from this thread on one page