Search the Community
Showing results for tags 'xss'.
At my CMS I want to give site moderators ability to associate any meta information to a page. For meta keywords and description I have different fields but all other stuff are inserted like raw html , like this: <meta name="Generator" content="SomeCMS" /> <meta name="robots" content="nofollow" /> <link rel="canonical" href="http://example.com/content/poisk-i-upravlenie-kontentom" /> This html will be echoed to the page. Mainly only meta tags and link(rel=canonical) will be here. And now I think I have to make sure there is no xss attack in this code. So I need to filter it before saving to database. HtmlPurifier or http://github.com/voku/anti-xss don't work with meta tags. So what would you advise me? To parse text with regexp for meta tags and then check every metatag found for any style or on attributes or http-equiv="refresh"(to deny malicious metatag)?
So XSS attacks, are you safe from them if you are outputting the data into lets say a input box, without any security checks like htmlentites()? And does PDO prepare help prevent xss too? And what sort of functions should I use to be most secure of outputting data in input boxes, text etc.