[TYPO3-core] RFC: Add external RemoveXSS library to TYPO3
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Mon Sep 24 17:35:40 CEST 2007
Michael Stucki wrote:
> Hi Thorsten,
>
> ok, thanks for your feedback. So far I asked two people about their opinion,
> however, as the name says, it is just an opinion. We probably need an expert
> for this...
>
> Anyway, I think that unless someone can clarify this very quickly, we should
> stop discussing it here and move the discussion to the dev list...
>
> So who knows the answer?
Well, the author's homepage for this little script is here:
http://quickwired.com/smallprojects/php_xss_filter_function.php
Why don't we ask him? Maybe the sec. team has already (note: "with
permission of the author").
But as the code doesn't seem to be "versioned" we can simply inline the
code into t3lib_div directly. And - of course - we must use the code. E.g. we
could change the constructor of pi_base to use it or add a method that
checks the piVars, etc. Maybe we can protect the BE as well.
Masi