Thanks for your answer!

> So, does this mean you are against htmlPurifier simply because of
> "undiscovered vulnerabilities"? If you fear something being insecure simply
> because of its undiscovered fault, then that probably isn't the best route to
> go about evaluating things. In my experience, products that are tried and true
> are much better at doing what you ask when they've undergone public scrutiny
> (OSS++).

Actually I'm not for or against htmlPurifier, I'm just trying to reduce the attack surface of a website. Less code means fewer vulnerabilities.

> Finally: Is your goal to build a security enterprise or something more
> security-related? If so, I recommend taking this topic up with the OWASP
> Mailing list <https://lists.owasp.org/mailman/listinfo>, as there will be more
> advanced security experts there who can help you out in further detail.
> Otherwise, what can we do to help you with ZF-related issues?

Thanks for the pointer!

Z.

> Regards,
> -Kizano
> //-----
> Information Security
> eMail: [email protected]
> http://www.markizano.net/
