[TYPO3-dev] t3lib_div::removeXSS() slowing down output
Jigal van Hemert
jigal at xs4all.nl
Mon Sep 29 01:12:25 CEST 2008
Steffen Kamper wrote:
> I will test your modifications anyway.
http://www.xs4all.nl/~dcbjht/typo3/removeXSS.zip
contains new version of removeXSS.php
* 2008-09-29 : modifications by Jigal van Hemert:
* - bugfixes in regexps
* - optimizations
* - quickscan for keywords to speed up the function when no potential
threats are present
* - regexps specific for different type of keywords to reduce false
positives
* - configurable "tag nerf"
I tested it with the XSS attacks at http://ha.ckers.org/xss.html
Speed was tested in air_filemanager.
Can some of you test this version?
AFAIK bug #8978 and related bugs are fixed/improved with this version.
Steffen can you later submit it to the core list (as Benjamin Mack
suggested)?
--
Jigal van Hemert.
More information about the TYPO3-dev
mailing list