[TYPO3-core] RFC: Improvement of removeXSS
Steffen Kamper
info at sk-typo3.de
Wed Oct 1 11:07:29 CEST 2008
Hi,
Dmitry Dulepov schrieb:
> Hi!
>
> Marcus Krause wrote:
>> I'd personally prefer some kind of unit test that checks that
>> removeXSS() is working like expected; on basis of the mentioned
>> XSS Cheat Sheet.
>
> This would be great. We do not have tests yet but we should. Marcus, do
> you know how to make unit tests with phpUnit? What about setting up a
> project on Forge for such tests?
>
what i did is processing with the XML from ha.ckers.org.
I build a test comparing recent and the new RemoveXSS,
have a look here:
http://www.sk-typo3.de/index.php?id=370
As you see it's not perfect, but better than the existing. At the end of
page you see the time for the loop.
vg Steffen
More information about the TYPO3-team-core
mailing list