[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] strip_tags() but not only vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] strip_tags() but not only vulnerability
From: Tõnu Samuel <tonu@xxxxxx>
Date: Wed, 29 Mar 2006 16:15:14 +0300

Some time ago I wrote document describing common problem with cleaning up 
HTML. PHP manual states some little warning about topic but no solution on 
http://www.php.net/strip_tags

Many websites are still vulnerable and similar problems happen not depending 
on programming language too often:

http://www.jes.ee/~tonu/strip.php

Please do not start flamewar, I know some people might find this information 
useful. Yes, it is not "advanced" and this is why people often do not notice 
the problem.

  Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] strip_tags() but not only vulnerability
  - From: ascii

Prev by Date: [Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code
Next by Date: Re: [Full-disclosure] PHP html_decode_entity vulnerability
Previous by thread: Re: [Full-disclosure] Court Order May Violate First Amendment
Next by thread: Re: [Full-disclosure] strip_tags() but not only vulnerability
Index(es):
- Date
- Thread