Filter user entered Html for possible Cross Site Scripting attacks
I need to build a filter that will filter user entered html and which
will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
<EMBED> would be allowed).
i was going to HtmlEncode the entire user html input and filter out
only what is "allowed".
i need the best way to filter for all possible known xss attacks. is
there anything like this out there already?
have already read couple of articles on preventing the cross site
any help would be appreciated.
|All times are GMT. The time now is 04:38 PM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.