On Nov 28, 2008, at 15:40, Michele Waldman wrote:

> I’m looking at two separate issues right now: SQL injection and HTML injection.
>
> But, I think you can kill two birds with one stone.

Not if you want to adhere to best practices. XSS is not something you can remove. It's the result of sloppy programming.

On my blog, XSS is talked about a lot, so many of the comments might appear to be XSS attacks. I haven't (yet) had a vulnerability in my comment code, despite being a constant target for attack, and despite the fact that I don't remove any part of anyone's comment.

There's a lot of misinformation out there, so tread carefully.

Chris

--
Chris Shiflett
http://shiflett.org/




_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php
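
One common way to treat the two issues separately without removing anything from a comment, as an added example (not from the original message, and not the code behind Chris's blog). It assumes PDO with an in-memory SQLite database; the table and function names are hypothetical and the sample comment is constructed.

```php
<?php
declare(strict_types=1);

// Assumption: pdo_sqlite is available; an in-memory database keeps this self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// SQL context: bound parameters keep data out of the statement text,
// so the comment is stored exactly as submitted.
function save_comment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// HTML context: escape at output time, for the context the value lands in.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '<div class="comment"><cite>' . h($row['author']) . '</cite><p>'
               . nl2br(h($row['body'])) . "</p></div>\n";
    }
    return $html;
}

// Constructed sample: a comment that talks about XSS and SQL injection.
$sample = "Try <script>alert('xss')</script> or '; DROP TABLE comments; --";
save_comment($db, 'O\'Reilly "tester"', $sample);

// Nothing was stripped on the way in: the stored body equals the submitted one.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();
var_dump($stored === $sample);

// Rendered as text: markup characters become entities, nothing is removed.
echo render_comments($db);
```

A single "clean the input" function cannot do both jobs, because the characters that matter to the SQL parser and to the HTML parser differ and are only known at the point where the value is used.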
