On Tue, Nov 13, 2012 at 4:45 PM, Kevin <i...@ikke.info> wrote:
> The problem with input filtering is that you can only filter for one
> output scenario. What if the input is going to be output in a wiki
> like environment, or to pdf, or whatever? Then you have to unescape
> the data again, and maybe apply filtering/escaping for those
> You only know how to escape data when you are going to output it, so
> then is the best moment to escape it.
Also there are so many ways to evade XSS filtering
If you can and should escape data (like in our case), it cannot not work;
not possible to evade it.
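
The point made in this thread, as an added example that is not part of the original message or of any project discussed on the list: one value is either HTML-escaped once on input, or stored raw and escaped separately for each output. The sample value, the function names and the `/search?author=` URL are constructed for illustration.

```python
import html
import json
from urllib.parse import quote

# Constructed sample value; stands in for any user-controlled field.
RAW = 'Tom & "Jerry" <script>alert(1)</script>'


def filter_on_input(value):
    """Input-side approach: HTML-escape once, then store the result."""
    return html.escape(value, quote=True)


# Output-side approach: store the raw value, escape per output context.
def to_html(value):
    return "<td>" + html.escape(value, quote=True) + "</td>"


def to_url(value):
    # Percent-encode everything that is not an unreserved character.
    return "/search?author=" + quote(value, safe="")


def to_json(value):
    return json.dumps({"author": value})


def to_plain_text(value):
    # Plain text (e.g. a text/plain response) needs no escaping at all.
    return "Author: " + value


if __name__ == "__main__":
    stored = filter_on_input(RAW)
    # The HTML-filtered value is only right for one sink:
    print(to_plain_text(stored))       # entities leak into plain text
    print("/search?author=" + stored)  # '&' and ';' still break the query string
    print(to_html(stored))             # double-escaped when the template escapes too
    # Escaping at output keeps stored data intact and every sink correct:
    for render in (to_html, to_url, to_json, to_plain_text):
        print(render(RAW))
```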