Do you have a function that cleans a string of XSS and SQL injection?
I know you have functions that have filters,
but what I want to do is make sure the internal path is clean of any XSS
and SQL injection,
so I can safely use internal paths as parameters for database queries,
I am not sure if this is done in the code,
or if it's something I need to do before using them.
I would also like to use this function to validate user information read
from XML files,
where some of the information may have valid XML code like IDs for
JavaScript calls,
so I am forced to use XHTMLUnsafeText,
I just need a way to clean some strings and not the whole document,
in other words,
I use XHTMLUnsafeText to read in the whole document,
thus bypassing the filter,
then I want to clean just some items I call using tr.
I guess my main problem is that I do not fully understand when the
filters are in use,
and when I need to bypass them,
and when I need to involve them manually, because I do not know how I do
that,
I know I can just write a small function to filter out everything but
alphanumeric characters,
but what is the best practice in Wt,
because if there is a function that does this, my problem is solved.
Thanks
Jeff Flesher
_______________________________________________
witty-interest mailing list
witty-interest@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/witty-interest