teng84 Posted December 7, 2007 Share Posted December 7, 2007 yes it will only show the code of those passed value.. will that be a prob? Link to comment Share on other sites More sharing options...
darkfreaks Posted December 7, 2007 Author Share Posted December 7, 2007 well if its form code yes because they will not be able to enter anything somehow im thinking the XSS function is more of what i need right now. Link to comment Share on other sites More sharing options...
teng84 Posted December 7, 2007 Share Posted December 7, 2007 you confused me! ok lets say we have this XSS('<a href="teng" onclick="etc..">') what will be the result and what are the results you want Link to comment Share on other sites More sharing options...
darkfreaks Posted December 7, 2007 Author Share Posted December 7, 2007 ok if i have something like echo htmlspecialchars("<input value=$sessid>"); it will just show the input code that is not what i want. but if i do RemoveXSS("<input value=$sessid>"); it will check the input for all known XSS patterns and remove them. this is more of what i want. Link to comment Share on other sites More sharing options...
Recommended Posts