PHP XSS Prevention WhiteListing
Posted
by pws5068
on Stack Overflow
See other posts from Stack Overflow
or by pws5068
Published on 2010-06-07T19:57:41Z
Indexed on
2010/06/07
20:02 UTC
Read the original article
Hit count: 321
My site utilizes a WYSIWYG editor for users to update their accounts,enter comments, and send private messages.
The editor (CKEditor) is great for only allowing users to enter valid input, but I worry about injection through TamperData or other means.
How can I control this on the server side?
I need to whitelist specific tags: <b><ul><ol><a><img><br>
, will this be a SAFE approach to preventing XSS?
© Stack Overflow or respective owner