php.lv forums

textarea security


anonymous

If you run htmlspecialchars on output, there is no point in running htmlpurifier and slowing the whole thing down. htmlpurifier is precisely what will make sure nothing bad is left that could break something.


Isn't it simply like this:

$data = '<h1>
<script language="javascript">alert("nēe");</ script>
< script language="javascript">alert("nēe");</ script>
<    script language="javascript">alert("nwwe");< /
script>
<
 script language="javascript">alert("nēe");</script>
<scr<script>Kiddies</script>ipt> are clever buggers</script>	
<img alt="" src="http://a.cksource.com/c/1/inc/img/demo-little-red.jpg" style="margin-left: 10px; margin-right: 10px; float: left; width: 120px; height: 168px;" /><script>alert("evil code");</script>Little Red Riding Hood</h1>';

// Rewrite every literal "<script" (any case) so it is output as text
$preg = '/<script/i';
$repl = '&lt;script';
echo preg_replace($preg, $repl, $data);

 

As far as I could see, if there is a space between < and script, then ff at least outputs that line as text, and chrome does too.

Edited by Klez
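
The two approaches discussed in this thread, compared on the same input. This is an added example, not code from either poster: the sample is constructed and shortened from the input above, and `live_tags` is a hypothetical audit helper that lists the element names still present as markup in the output.

```php
<?php
// Constructed sample, shortened from the input posted in the thread.
$data = '<h1><script>alert("a");</script>'
      . '< script>alert("b");</ script>'
      . '<img alt="" src="x.jpg" style="float: left;" />Little Red Riding Hood</h1>';

// Strategy 1: the regex from the thread, rewriting only a literal "<script".
function blacklist_script(string $html): string
{
    return preg_replace('/<script/i', '&lt;script', $html);
}

// Strategy 2: escape everything at output time, so the browser gets text only.
function escape_output(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical audit helper: element names that still open a tag in the output.
// A tag only starts when a letter follows "<" directly, which is why
// "< script" is shown as text by browsers, as observed in the post above.
function live_tags(string $html): array
{
    preg_match_all('/<([a-z][a-z0-9]*)/i', $html, $m);
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

foreach (['blacklist_script', 'escape_output'] as $strategy) {
    $out = $strategy($data);
    printf("%-16s live tags: %s\n", $strategy, implode(', ', live_tags($out)) ?: '(none)');
}
```

The regex leaves every other element and its attributes exactly as submitted, while `htmlspecialchars` leaves no markup at all; when some user markup has to survive, an allowlist sanitizer such as htmlpurifier is the option named in the first post.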