[TYPO3-dev] Proposal: Sanitize GET/POST parameters

Georg Ringer mail at ringerge.org
Mon Jul 5 15:32:43 CEST 2010


On 05.07.2010 15:24, Jigal van Hemert wrote:
>> The patch also adds a new script for XSS filtering because RemoveXSS
>> is not really reliable in my view. 
> 
> Can you specify in which areas the RemoveXSS version which is
> included in the core is not really reliable? It already filters a lot of
> clever XSS attacks. Suggestions to improve it are always welcome!

If you have found examples that the RemoveXSS from core is not secure
(enough), please don't reveal your findings here but send a mail to
security at typo3.org or contact me in private. Please not here.

Georg



