A few PHP frameworks that I’ve seen have specific functions to remove XSS attacks. I believe that they just remove the <script> tag (I could be wrong). If I had previously used strip_tags on a string, was that enough to remove all XSS attacks or should I follow up with one of these framework XSS functions? A more general question is whether XSS attacks can exist without HTML tags.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Stripping </p> tags | 0 | 40 | October 8, 2009 | |
|
Strip html tags from a text, in actionscript
|
0 | 91 | September 3, 2006 | |
|
[php] Stripping html characters
|
0 | 34 | April 15, 2004 | |
| [php] Stripping html characters | 0 | 44 | April 15, 2004 | |
|
Which is better?
|
0 | 39 | September 10, 2006 |
