开发者

Is HTMLPurifier really that bullet-proof?

I saw Kohana framework allowing users to optionally use HTMLPurifier against any possible XSS attack开发者_如何学Pythons.

I thought HTMLPurifier was meant to allow standard-compliant output of the HTML.

Does it help avoid XSS attacks 100% or probably to great extent? Or you would suggest something else.

Thanks


As for every possible piece of software, it can not be perfect, and there is always a risk that someone somewhere one day can find a security hole and exploit it.

So, no-one will tell you "it help avoid XSS attacks 100%"...

But, each time I've head of HTMLPurifier, it was in great terms -- and I've used it successfully a couple of times, and will use it again for some future projects.

So, I think that "probably to great extent" is your answer ;-)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜