A few PHP frameworks that I’ve seen have specific functions to remove XSS attacks. I believe that they just remove the <script> tag (I could be wrong). If I had previously used strip_tags on a string, was that enough to remove all XSS attacks or should I follow up with one of these framework XSS functions? A more general question is whether XSS attacks can exist without HTML tags.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Stripping </p> tags | 0 | 40 | October 8, 2009 | |
| Stopping Xss attakcs - sql injection via url | 0 | 109 | April 18, 2011 | |
| XSS, CSS Prevention | 0 | 86 | January 12, 2008 | |
| Regex - Strip HTML into Plain Text with Formatting | 0 | 82 | April 30, 2008 | |
| PHP Help with Expressions and html TAg | 0 | 162 | January 10, 2008 |
