
Re: Preventing XSS

by b10m (Vicar)
on Sep 19, 2007 at 19:44 UTC (#639983=note)


in reply to Preventing XSS

I'm afraid you don't get the concept of XSS. You're dealing with encoding/HTML Entity problems, which is bad, but completely different than XSS "protection".

For XSS "protection", have a look at HTML::StripScripts, it works rather well :-)

Update: after reading your post again, it does seem you want to prevent XSS attacks (by using HTML::Entities) yet you don't want your "crazy letters" to be lost ;-). I'm not sure HTML::Entities will bulletproof your script. Have a look at HTML::StripScripts, really. But experts may say HTML::Entities _is_ enough (I would love to hear opinions on this).

--
b10m

All code is usually tested, but rarely trusted.
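
Added example, not part of the original post: the two modules named above applied to the same input, showing that HTML::Entities can escape markup without touching non-ASCII letters, while HTML::StripScripts keeps a whitelisted subset of HTML. The sample string and variable names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;                               # the sample string below contains UTF-8 literals
use open qw(:std :encoding(UTF-8));     # print non-ASCII letters correctly

use HTML::Entities qw(encode_entities);
use HTML::StripScripts::Parser;

# Constructed sample input: accented letters mixed with markup a visitor might submit.
my $input = q{Zażółć café & <b>bold</b> <script>alert(1)</script> }
          . q{<i onclick="x()">click</i>};

# Approach 1: the field is plain text, no markup allowed.
# Without a second argument encode_entities() also converts high-bit
# characters to entities; passing an explicit set of unsafe characters
# limits the encoding to the HTML metacharacters, so the accented
# letters pass through unchanged.
my $as_text = encode_entities($input, q{<>&"'});

# Approach 2: the field may carry some HTML.
# HTML::StripScripts works from a whitelist; tags and attributes that are
# not on it (script elements, event-handler attributes) are filtered out
# and the remaining markup is re-emitted.
# Context => 'Flow' means the result will be placed where block-level
# and inline elements are both legal, such as inside a <div>.
my $hss     = HTML::StripScripts::Parser->new({ Context => 'Flow' });
my $as_html = $hss->filter_html($input);

print "as plain text   : $as_text\n";
print "as filtered HTML: $as_html\n";
```

The escaped string is meant for HTML element content or a quoted attribute value; values placed inside a script block or a URL need encoding for that context instead.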

