http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/ PHP, Zend Framework and Other Crazy Stuff Fri, 24 May 2013 01:08:34 +0000 hourly 1 http://wordpress.org/?v=3.0.1 http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-3110 Mariobros Tue, 17 May 2011 21:09:00 +0000 http://blog.astrumfutura.com/?p=453#comment-3110 I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. :)   I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post.
 

]]> http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-3001 CodeIgniter 2.0.2: Cross-Site Scripting (XSS) Fixes And Recommendations | Pádraic Brady Tue, 10 May 2011 11:43:06 +0000 http://blog.astrumfutura.com/?p=453#comment-3001 [...] many of my readers know, I have a keen dislike for regular expression based HTML sanitisation. Regular expressions simply do not understand HTML’s nested nature and the numerous possible [...] [...] many of my readers know, I have a keen dislike for regular expression based HTML sanitisation. Regular expressions simply do not understand HTML’s nested nature and the numerous possible [...]

]]> http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-2883 Luke Roll Wed, 30 Mar 2011 21:02:00 +0000 http://blog.astrumfutura.com/?p=453#comment-2883 Oh, haha I clicked on this because the picture of the gelatine made me think this article was about something else :P any who still a nice read over all thanks Oh, haha I clicked on this because the picture of the gelatine made me think this article was about something else any who still a nice read over all thanks

]]> http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-2834 Alvin Y. Wed, 23 Mar 2011 12:25:00 +0000 http://blog.astrumfutura.com/?p=453#comment-2834 Whoa... That was a long entry. Thanks anyway for the informative blog. Whoa… That was a long entry. Thanks anyway for the informative blog.

]]> http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-2815 Pádraic Brady Sun, 20 Mar 2011 00:37:00 +0000 http://blog.astrumfutura.com/?p=453#comment-2815 Under no circumstances use KSES. It is an old library and very insecure. Some applications might use an improved variant but you'd have to rewrite it completely to seal up its holes (and, well, I do state that regex based sanitisation doesn't work anyway ;)). Under no circumstances use KSES. It is an old library and very insecure. Some applications might use an improved variant but you’d have to rewrite it completely to seal up its holes (and, well, I do state that regex based sanitisation doesn’t work anyway ).

]]> http://blog.astrumfutura.com/2011/03/regex-html-sanitisation-off-with-its-head/#comment-2814 chx Sun, 20 Mar 2011 00:11:00 +0000 http://blog.astrumfutura.com/?p=453#comment-2814 What about KSES? It's used by a variety of rather popular PHP packages and it's rather through. What about KSES? It’s used by a variety of rather popular PHP packages and it’s rather through.

]]>