Here are two new patches for Pixelpost 1.5Beta for comments, which I feel do a more complete job of preventing XSS:
http://se.nsuo.us/contrib/comment-field-patch_HTML.zip - this is based on the class here
http://svn.bitflux.ch/repos/public/p...ernalinput.php and can prevent all the XSS attacks outlined in the XSS Cheatsheet and still allow some useful HTML
http://se.nsuo.us/contrib/comment-field-patch_PLAIN.zip - this strips out the HTML tags and then converts anything remaining to htmlentities - in effect this will allow only plain text comments.
Hope that helps, and standard disclaimers apply.
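
The plain-text approach described in the post (strip the tags, then convert what remains to HTML entities), sketched in PHP as an added example. It is not the contents of comment-field-patch_PLAIN.zip; the function name, the length limit and the sample comments are assumptions, and it needs the mbstring extension.

```php
<?php
// Added example; function and sample names are hypothetical, not from the patch.

function plain_text_comment(string $raw, int $maxLen = 2000): string
{
    // 1. Drop anything PHP recognises as a tag. strip_tags() does not validate
    //    HTML, so broken or partial tags can remove more text than expected.
    $text = strip_tags($raw);

    // 2. Remove control characters other than tab, LF and CR.
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text) ?? '';

    // 3. Trim and truncate before encoding, so an entity is never cut in half.
    $text = mb_substr(trim($text), 0, $maxLen, 'UTF-8');

    // 4. Encode what remains. ENT_QUOTES covers both quote characters, so the
    //    value is also safe inside a quoted attribute; ENT_SUBSTITUTE replaces
    //    invalid UTF-8 instead of returning an empty string.
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions.
$samples = [
    'Lovely light in this one!',
    '<b>Nice</b> shot, <a href="http://example.com/">more here</a>',
    'Tom & "Jerry" said: 5 > 3',
    "caf\xC3\xA9 au lait, shot at f/2.8",
];

foreach ($samples as $s) {
    echo plain_text_comment($s), PHP_EOL;
}
```

The returned string is meant to be written into the page as-is; encoding it a second time at output would show visitors the literal entities.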