preg_replace on xss code
Posted by proyb2 on Stack Overflow
Published on 2010-05-31T14:50:43Z
Can this code help to sanitize malicious code in a user-submitted form?
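function rex($string) {
    // Patterns to strip from the input
    $patterns = array();
    $patterns[0] = '/=/i';            // every '=' character
    $patterns[1] = '/javascript:/i';  // the literal "javascript:" (case-insensitive)
    // Each match is replaced with an empty string
    $replacements = array();
    $replacements[0] = '';
    $replacements[1] = '';
    return preg_replace($patterns, $replacements, $string);
}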
I have included htmlentities() to prevent XSS on the client side. Is all the code shown safe enough to prevent an attack?
© Stack Overflow or respective owner
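
The contrast the question raises, as an added example that is not part of the original post and not the poster's code: the posted rex() filter beside output encoding for HTML contexts and a scheme allow-list for URLs. The helper names esc_html() and safe_href(), the allowed schemes and the sample strings are assumptions constructed for illustration; relative URLs are rejected by design.

```php
<?php
// Added example. esc_html(), safe_href() and the samples are hypothetical.

// The filter from the question, reproduced for comparison.
function rex($string) {
    return preg_replace(array('/=/i', '/javascript:/i'), array('', ''), $string);
}

// Encode for HTML text or a quoted attribute at output time. The stored
// data is left unchanged; only its rendering is made inert.
function esc_html($value) {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept a URL only when its parsed scheme is on an allow-list. Anything
// else yields a harmless placeholder rather than a "repaired" value.
function safe_href($url, $allowed = array('http', 'https', 'mailto')) {
    $url = trim($url);
    // Whitespace and control characters have no place in an absolute URL.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return '#';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    // null: no scheme (relative URL); false: malformed input.
    if ($scheme === null || $scheme === false) {
        return '#';
    }
    return in_array(strtolower($scheme), $allowed, true) ? esc_html($url) : '#';
}

// Constructed sample inputs.
$samples = array(
    'price = 5 <b>bold</b>',          // ordinary text with '=' and markup
    'https://example.com/?q=a&r=b',   // legitimate link with a query string
    'javascript:alert(1)',            // scheme the question tries to strip
);

foreach ($samples as $s) {
    printf("input      : %s\n", $s);
    printf("rex()      : %s\n", rex($s));
    printf("esc_html() : %s\n", esc_html($s));
    printf("safe_href(): %s\n\n", safe_href($s));
}
```

Stripping `=` rewrites the legitimate query string to `https://example.com/?qa&rb`, whereas encoding at output keeps the data intact and the allow-list decides on the parsed scheme instead of deleting a substring.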