-- Zladivliba Voskuy <[email protected]> wrote (on Tuesday, 01 March 2011, 04:36 PM +0100):
> I've been trying to find a solution for this for a while; I'd like to
> use a SecureText function that filters any "potential risky" text
> input from my website.
>
> So what's "potential risky text" for me: everything that's not:
> a-zA-Z0-9 ;.,?+-_![]/()
> This clears any hack potential from XSS or SQL injection. This limits
> the usability of my website, but I don't care, as long as XSS are not
> possible any more, and SQL injections are out of the way it's perfectly
> viable for what I want to do and the needs of my users.
>
> Now the question is how to build such a function. It seems that I
> can't use preg_replace because of unicode characters. I've tried to use
> filter_var but I'm not sure it filters also unicode characters. And I
> really want to strip everything that's risky; it's my main priority.
>
> Cool guys on #Zftalk have advised to use the pregReplace filter built in
> ZF since I have a regexp, but I'm not sure regexp is secure so...
>
> Any help appreciated! I'm a little lost with this. Thanks!
I'd build a filter that wraps HtmlPurifier, to be honest...

-- 
Matthew Weier O'Phinney
Project Lead | [email protected]
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
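Added example, not code from either message in this thread: the character allow-list the question describes, written in PHP as a ZF1-style filter so it can sit in a Zend_Filter chain, with the `/u` modifier that makes preg_replace work on UTF-8 code points instead of bytes. The class name SecureTextFilter, the conditional Zend_Filter_Interface stub (so the file runs without ZF installed), and keeping the space character in the allow-list are assumptions.

```php
<?php
// Stand-in for ZF1's Zend_Filter_Interface so this file runs on its own;
// when Zend Framework is loaded the real interface is used instead.
if (!interface_exists('Zend_Filter_Interface')) {
    interface Zend_Filter_Interface
    {
        public function filter($value);
    }
}

class SecureTextFilter implements Zend_Filter_Interface
{
    // Allow-list from the question: a-zA-Z0-9 ;.,?+-_![]/() (space assumed
    // allowed). Inside the class "]" and the "/" delimiter are escaped and
    // "-" is escaped so it is a literal rather than a range. The /u flag
    // makes the negated class match whole UTF-8 characters, so "é" is
    // removed as one unit instead of leaving a stray continuation byte.
    const NOT_ALLOWED = '/[^a-zA-Z0-9 ;.,?+_!\[\]\/()\-]/u';

    public function filter($value)
    {
        $value = (string) $value;

        // With /u, preg_replace refuses malformed UTF-8 and returns NULL.
        // Checking up front keeps the failure explicit: malformed input is
        // not "mostly safe", so nothing of it is passed through.
        if (!mb_check_encoding($value, 'UTF-8')) {
            return '';
        }

        $clean = preg_replace(self::NOT_ALLOWED, '', $value);

        // Defensive: treat any PCRE failure the same way as bad encoding.
        return $clean === null ? '' : $clean;
    }
}

// Constructed sample input: markup, a quote, and a multibyte character.
$filter = new SecureTextFilter();
echo $filter->filter("Héllo <b>wörld</b> ' OR 1=1 -- [ok]"), "\n";
```

Stripping `<`, `>`, `'` and `"` at the input boundary removes the characters the question worries about, but it is input validation, not output encoding: htmlspecialchars() on output and parameterised queries remain the controls that actually prevent XSS and SQL injection, which is why the reply points at HtmlPurifier rather than a regex alone.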
