My simple implementation of PHP strip_tags()

aberba via Digitalmars-d digitalmars-d at puremagic.com
Wed Jun 28 12:50:44 PDT 2017


On Wednesday, 28 June 2017 at 19:21:35 UTC, Vladimir Panteleev 
wrote:
> On Wednesday, 28 June 2017 at 19:14:19 UTC, aberba wrote:
>> I'm already using prepared statements thoroughly. strip_tags() 
>> has its own uses besides making it safe for db storage.
>
> Nothing to do with DB storage! XSS and SQL injections are two 
> very distinct classes of vulnerabilities.
>
> Please read this ASAP: 
> https://en.wikipedia.org/wiki/Cross-site_scripting

Ha ha. I will strip out <script> tags in the regex. It's better to 
get rid of tags where not needed for clients other than a 
browser. Please criticize the stripTags() implementation.

