[TYPO3-dev] t3lib_div::removeXSS() slowing down output
Jigal van Hemert
jigal at xs4all.nl
Sat Sep 27 13:48:29 CEST 2008
Hi Steffen,
Steffen Kamper wrote:
> Jigal van Hemert wrote:
>> Jigal van Hemert wrote:
>>> One of the things I noticed is that t3lib_div::removeXSS() is very
>>> inefficient in detecting and replacing potential threats.
>> I made a faster version of removeXSS()
>> http://www.xs4all.nl/~dcbjht/typo3/removeXSS.txt
>>
>> Can you guys please take a look at it. Feel free to include it in
>> t3lib_div if no problems are found :-)
>
> Thanks for this script. Where does it come from, any license?
The script is available online at:
http://kallahar.com/smallprojects/php_xss_filter_function.php
But in the T3 distribution you can find it in:
typo3/contrib/RemoveXSS/RemoveXSS.php
> I will test it, as I see removeXSS as unusable at the moment because of
> destroying output.
I noticed an error in a regular expression ([9|10|13]), where it meant
(9|10|13). But other than that I only unrolled some loops (made a big
regexp instead of a loop with dozens of calls to preg_replace() ) and
added a simple test for the list of potentially dangerous words before
the existing removal routine (which now only uses the list of detected
potentially dangerous words) is called.
If you know of more problems with this routine I will try to fix them!
Regards,
--
Jigal van Hemert.
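
The following is an added example, not part of the original message and not the code from removeXSS.txt or RemoveXSS.php. It shows what the `[9|10|13]` character class actually matches compared with the `(9|10|13)` group, and how a single combined regex can pre-check input for keywords. The `&#0{0,8}` entity prefix, the keyword list, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example: keyword list, function names and sample input are constructed.

// Decimal entity for tab/LF/CR between letters: class (the bug) vs. group (the fix).
const SEP_BUGGY = '&#0{0,8}[9|10|13];';
const SEP_FIXED = '&#0{0,8}(?:9|10|13);';

/** Return those sample entities that $sep matches in full. */
function matched_entities(string $sep, array $samples): array
{
    return array_values(array_filter(
        $samples,
        fn(string $s): bool => preg_match('/^' . $sep . '$/', $s) === 1
    ));
}

/**
 * One preg_match_all() over the input instead of one call per keyword.
 * Returns the keywords found, even when entities matched by $sep split them.
 * Alternation reports the leftmost hit only, so a keyword contained in a
 * longer one (script / javascript) would need its own handling.
 */
function detect_keywords(string $input, array $keywords, string $sep): array
{
    $alternatives = [];
    foreach ($keywords as $word) {
        $letters = array_map(fn(string $c): string => preg_quote($c, '/'), str_split($word));
        $alternatives[] = implode('(?:' . $sep . ')*', $letters);
    }
    preg_match_all('/' . implode('|', $alternatives) . '/i', $input, $m);
    $found = [];
    foreach ($m[0] as $hit) {
        // Strip the separator entities so the hit maps back to a list entry.
        $found[] = strtolower(preg_replace('/' . $sep . '/', '', $hit));
    }
    return array_values(array_unique($found));
}

$entities = ['&#9;', '&#10;', '&#13;', '&#0013;', '&#1;', '&#3;', '&#|;'];
print_r(matched_entities(SEP_BUGGY, $entities)); // class: one char out of 9 | 1 0 3
print_r(matched_entities(SEP_FIXED, $entities)); // group: the number 9, 10 or 13

$keywords = ['javascript', 'vbscript', 'onload', 'iframe'];
$input = '<a href="java&#10;script:void(0)">x</a> <body ONLOAD="init()">';
print_r(detect_keywords($input, $keywords, SEP_BUGGY)); // separator built with the class
print_r(detect_keywords($input, $keywords, SEP_FIXED)); // separator built with the group
```

Only the keywords returned by the pre-check need to be handed to the slower removal routine; input with no hits can skip it.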