[TYPO3-core] RFC: Improvement of removeXSS

Marcus Krause marcus#exp2008 at t3sec.info
Tue Sep 30 21:32:00 CEST 2008


Steffen Kamper wrote:
> Hi,
> 
> This is a SVN patch request.
> 
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=8978
> http://bugs.typo3.org/view.php?id=7033
> http://bugs.typo3.org/view.php?id=9198
> 
> Problem:
> 
> The removeXSS-script used had some lacks. It replaced tags in normal
> text which prevents most from using this script.
> 
> Jigal did some improvements and I reformatted to CGL and tested.

Hi Steffen!


I'd personally prefer some kind of unit test that checks that
removeXSS() is working as expected, on the basis of the mentioned
XSS Cheat Sheet.


Marcus.

