A few PHP frameworks that I’ve seen have specific functions to remove XSS attacks. I believe that they just remove the <script> tag (I could be wrong). If I had previously used strip_tags on a string, was that enough to remove all XSS attacks or should I follow up with one of these framework XSS functions? A more general question is whether XSS attacks can exist without HTML tags.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| XSS, CSS Prevention | 0 | 87 | January 12, 2008 | |
| Remove HTML Tags | 0 | 37 | August 28, 2006 | |
|
Problem with HTML tags in Flash 2 PHP form
|
2 | 87 | July 11, 2008 | |
| Do not keep a public accessible phpinfo on your server | 0 | 107 | March 10, 2007 | |
|
Strip html tags from a text, in actionscript
|
0 | 91 | September 3, 2006 |
