[EMAIL PROTECTED] wrote:
> Hi all
>
> I'm wondering how other symfony users try to avoid security
> problems...
> Is this a common and recommended way of avoiding these problems?
>
> 1. I've added a helper (SecurityHelper.php) with the following
> function:
> function secureOut($text) {
>     return htmlentities(strip_tags($text));
> }
>
> 2. Every text output is wrapped by this function.
>
>
> Does anyone have a better solution for this issue?
> Filter? But what can I do if I want to allow some HTML tags?
Have a look here:
http://www.symfony-project.com/book/trunk/07-Inside-the-View-Layer
http://blog.calmtech.co.uk/symfony/xss.php
regards,
Lukas
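
As an added example (not code from this thread or from symfony): one way to handle the "allow some HTML tags" case in plain PHP is to escape everything first and then re-enable only attribute-less tags from an allowlist, because strip_tags() with an allowed-tags argument leaves the attributes on those tags untouched. The function names and the sample strings are hypothetical.

```php
<?php
// Added example; function names and sample inputs are constructed.

// Escape for HTML element and quoted-attribute context. ENT_QUOTES is
// passed explicitly because the default flags before PHP 8.1 leave the
// single quote unescaped.
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape everything, then restore only bare tags from a fixed allowlist.
// A tag carrying any attribute never matches and stays escaped as text.
// An unmatched closing tag may remain; it carries no attributes.
function escapeHtmlAllowing(string $text, array $allowedTags = ['b', 'i', 'em', 'strong']): string
{
    $escaped = escapeHtml($text);
    $names = implode('|', array_map(fn ($t) => preg_quote($t, '/'), $allowedTags));
    // Matches exactly "&lt;b&gt;" or "&lt;/b&gt;" (no room for attributes).
    return preg_replace('/&lt;(\/?)(' . $names . ')&gt;/i', '<$1$2>', $escaped);
}

// Constructed sample inputs: plain text with angle brackets, a single
// quote, and an allowed tag that carries an attribute.
$samples = [
    'if a<b then c>d',
    "it's <b>bold</b>",
    '<b onclick="x()">bold</b> <script>x()</script>',
];

foreach ($samples as $s) {
    echo "input:           $s\n";
    // The helper from the question: strips anything tag-like, then encodes.
    echo "strip+entities:  " . htmlentities(strip_tags($s)) . "\n";
    // strip_tags with an allowlist keeps attributes on the allowed tag.
    echo "strip allow <b>: " . strip_tags($s, '<b>') . "\n";
    echo "escape+allow:    " . escapeHtmlAllowing($s) . "\n\n";
}
```

Comparing the three output lines per input shows where strip_tags() drops text that only looks like a tag and where an attribute survives on an allowed tag.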