[TYPO3-core] RFC: #15812: Add backend maintenance for login news
Jigal van Hemert
jigal at xs4all.nl
Wed Oct 6 09:28:17 CEST 2010
Hi,
On 5-10-2010 22:25, François Suter wrote:
> As for the reliability of removeXSS, it has been discussed in this
> very thread. It seems like the Security Team thinks it is not
> reliable. Jigal offered to improve it, but I don't know the status
> of this.
Discussed is a big word in this context :-)
Helmut said: "3. removeXSS is very limited and in a kind of unmaintained
state. It also produces false positives, which can lead to rather
unexpected results."
Because I did some improvements on the function about two years ago
(increased speed, reduced false positives, added loads of extra exploits
to the filters), I offered to update it and asked him to send me the
details about the limitations and the false positives. Unfortunately I
haven't received anything yet.
--
Kind regards / met vriendelijke groet,
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh