LicensePowered by
Syndicate This BlogPlanet PHPMy interview at dot KDE - Henri Bergius
Thursday, September 2. 2010 Zend Framework is a BOSSie Award Winner - Zend Developer Zone Wednesday, September 1. 2010 Speaking at PHPNW 2010 - John Mertic Wednesday, September 1. 2010 Contributing to ZendFramework - ThinkPHP /dev/blog - PHP Wednesday, September 1. 2010 Big step forward in Modular Database Applications with DataObjects - Alan Knowles Tuesday, August 31. 2010 The fine art of application virtualization - John Lim (PHP Everywhere - By John Lim) Tuesday, August 31. 2010 Collecting Garbage: PHP's take on variables - Derick Rethans Tuesday, August 31. 2010 How to Roll Your Own JavaScript Compressor with PHP and the Closure Compiler - SitePoint » PHP Tuesday, August 31. 2010 Beware of the default Apache 2 config for PHP - Ilia Alshanetsky Monday, August 30. 2010 PHP Manager for IIS 7 – beta release - Ruslan Yakushev Monday, August 30. 2010 StatisticsLast entry: 2010-08-09 22:00
414 entries written
1581 comments have been made
|
Archives
|
Calendar
QuicksearchComments about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Mon, 30.08.2010 23:22 This is quite an interesting p ost and also informational. Ce rtainly one of such posts that brings a fresh perspect [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 17.08.2010 22:24 I just wanted to thank you for the article and the research. I was looking for a solution and was surprised to fin [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Mon, 16.08.2010 19:30 Does anyone have any input on "Universal Feed Parser" and it s effectiveness? about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Mon, 16.08.2010 17:44 Is it a big table?  Don't wo
rry about it - I'm completely
harmless. about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Thu, 12.08.2010 15:59 OMG. What did I write. You men tioned html5lib in your post. And I go on mentioning just th at. /me is now ashamed [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Wed, 11.08.2010 20:46 html5lib (http://code.google.c om/p/html5lib/) is the one I r un on a few days ago, so I'm p robably guessing that th [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Wed, 11.08.2010 19:56 I haven't decided on it yet. A t the moment, many server side development tools are in the same boat. libxml2 and t [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Wed, 11.08.2010 19:32 @Padraic: What will you do in a 6months when html5 becomes p opular and along with it stand ardized parser. Its prob [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Wed, 11.08.2010 12:45 looking forward to your soluti on. To be honest, we're using HTMLPurifier and I have yet to encounter big problems [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 18:44 Quoting from the original repo rt (26 June '10): "Bonus vu lnerability from a brief look through of the blacklist [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 18:30 Thanks for the excellent artic le. Very informative. about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 17:43 I believe you're incorrect reg arding the -ms-behavior css er ror in HTML_Safe. The blacklis t includes "behavior" wh [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 11:18 Yes, it's being proposed to Ze nd Framework. HTMLPurifier rea lly is that good, largely beca use it properly normalis [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 11:13 Hi Santosh, As the article notes, CSS may be used to styl e elements in such a way that may overlay or expand th [...] about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities) Tue, 10.08.2010 10:15 So if HTML Purifier is that go od, will you still be proposin g your own for inclusion into Zend? CategoriesArchivesTop ReferrersShow tagged entries application security article astrum futura asynchronous processing atom bdd behavior-driven development behaviour-driven development benchmark book deep end dependency injection design patterns devnetwork docbook documentation eve online games htmlpurifier inversion of control irish php user group irishisms maugrim microformat mock objects mockery model mutateme mutation testing mvc oauth openid openid and yadis pc gaming pear phing php php game development php games php general php security phpmock phpspec phpunit poka-yoke qgl quantum game library quantum star se rantings rss simpletest snarl solar empire surviving the deep end symfony tdd test spy tutorial unit testing xp programming xrd xrds xss yadis yaml zend framework zf proposal zfstde |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
