开发者

do I need HTMLpurifier in Codeigniter?

I am developing a PHP application using Codeigniter framework and it is time now for the security reviews.. I got many recommendations to use HTMLPurifier library if i wan开发者_如何学Pythont the best protection I can get.. is this true? do I really need this library or are there better options? I appreciate your thoughts on this issue

thanks


I would like to know this for myself too. I know that Codeigniter has there own way of checking for html in there form validation class, if your using a form and XSS Filtering in there Security Class. It may not be the best but it should be able to help you until you find your correct answer.


I don't know how it is HTMLPurifier working, but it will be probably best solution than built-in XSS protection.
You can read more about the Codeigniter XSS vulnerability in this article. Maybe it is fixed in the latest version, but if you really want good protection, use something more powerfull than CI Security Class (you can build your own class).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜