[TYPO3-core] RFC: Improvement of removeXSS
Oliver Hader
oliver at typo3.org
Tue Oct 21 15:38:06 CEST 2008
Hi,
Steffen Kamper wrote:
> This is a SVN patch request.
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=8978
> http://bugs.typo3.org/view.php?id=7033
> http://bugs.typo3.org/view.php?id=9198
>
> Problem:
>
> The removeXSS-script used had some lacks. It replaced tags in normal
> text which prevents most from using this script.
>
> Jigal did some improvements and I reformatted to CGL and tested.
> These changes are done:
>
> * - bugfixes in regexps
> * - optimizations
> * - quickscan for keywords to speed up the function when no potential
> threats
> * - regexps specific for different types of keywords to reduce false
> positives
> * - configurable "tag replaceString"
>
> For deeper information about XSS have a look at
> http://ha.ckers.org/xss.html
Any news on this one? By the way: Is there a bug report that holds all
the sub-issues (8978, 7033, 9198)?
olly
--
Oliver Hader
TYPO3 4.3 Release Manager