Template and XSS problem
02-28-2007, 02:13 PM
02-28-2007, 03:30 PM
str_replace() is a good, fast replacement function. However, not even regex is going to stop XSS if you are intentionally allowing users to modify the programs that will be executed in the browser.
To be blunt, you will never stop XSS because you don't control the browser. You can limit it though by disallowing client program modification through uploads or stripping tags. I would suggest PHP's PCRE instead of its POSIX regex.
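An added example (not code from the thread) illustrating the reply above: a single-pass str_replace() blacklist leaves markup the browser will still execute, whereas escaping the whole template and then re-enabling a short allowlist of attribute-free tags with PCRE does not. The sample template string, the function names and the tag allowlist are assumptions made for illustration.

```php
<?php
// Constructed sample: a fragment of a user-edited HTML template.
$template = '<b>Hello</b> <scr<script>ipt>alert(1)</script> '
          . '<img src=x onerror=alert(1)> <i>bye</i>';

// Weak: blacklist removal with str_replace(). Each search string is
// removed in one pass and the result is never rescanned, so removing
// the inner "<script>" reassembles an outer one; event-handler
// attributes on other tags are not touched at all.
function strip_blacklist(string $html): string
{
    return str_replace(['<script>', '</script>'], '', $html);
}

// Stronger: escape everything first, then use PCRE to turn back only
// bare, attribute-free tags from an allowlist (hypothetical list).
function allowlist_tags(
    string $html,
    array $allowed = ['b', 'i', 'em', 'strong', 'p', 'br']
): string {
    $escaped = htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $names   = implode('|', array_map('preg_quote', $allowed));

    // Only escaped tags of the exact form &lt;name&gt; or &lt;/name&gt;
    // match; anything carrying attributes stays escaped text.
    return preg_replace_callback(
        '~&lt;(/?)(' . $names . ')&gt;~i',
        fn(array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $escaped
    );
}

echo "blacklist: ", strip_blacklist($template), "\n";
echo "allowlist: ", allowlist_tags($template), "\n";
```

The first line of output still contains a script element and the onerror handler; in the second, only the b and i tags survive as markup and everything else is rendered as text.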
Thanks for the reply :)
The matter is:
- Can edit HTML template