Chris Shiflett has a post today, Allowing HTML and Preventing XSS. The problem is how to allow users to format their contributed content without introducing security vulnerabilities. The answer is usually some sort of markup language or filtering and sanitization of HTML.
BBCODE was designed for this purpose. There is no actual standard, [...]

The Problem with Markup Languages
March 14th, 2007

The Usability of Input Filtering
March 31st, 2005
There seems to be much interest lately in input filtering in PHP, especially in cross site scripting prevention. I’ve always preferred input validation to input filtering, but I am giving filtering a new examination. My problem with filtering is with usability. The comments to this post are a good example. There [...]

Even the Big Guys Get Validation Wrong
May 13th, 2004
I ordered a computer for someone from Dell last night. When I got to the end of the order, I mistyped a digit on the credit card number and the form was redisplayed with an “invalid credit card number” error. I added spaces between the digits (as they appear on the card) to [...]