This code works on htmlpurifier

Re: This code works on htmlpurifier

electrocity — Sat, 26 Nov 2011 07:50:13 -0500

" onclick='alert(50)' "

But i can't test it here, it's only in a hmtl input field. saved to database and rerender

THe code with tags are filtered correctly. i cannont proove it here, but all my tests are working.

i used this to prevent all javascript .

				$value =	preg_replace('@<[\/\!]*?[^<>]*?>@si','',$value);//remove all html tags
				$value =	(string)preg_replace('#on[a-z](.+?)\)#si','',$value);//replace start of script onclick() onload()...
				$value = trim(str_replace('"', ' ', $value),"'") ;
				$value =	(string)preg_replace('#^\'#si','',$value);//replace ' at start

BUt it's not perfect because this can remove unwanted chars.

Re: This code works on htmlpurifier

al — Sat, 05 Nov 2011 08:39:59 -0400

jjjj

Re: This code works on htmlpurifier

Brian — Wed, 14 Sep 2011 00:36:19 -0400

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>

Re: This code works on htmlpurifier

Philip — Tue, 30 Aug 2011 07:27:04 -0400

'onmouseover=prompt(934419) bad='

Re: This code works on htmlpurifier

aeno — Thu, 15 Jul 2010 14:07:25 -0400

aeno.co.cc/abc/

Re: This code works on htmlpurifier

aeno — Thu, 15 Jul 2010 14:06:32 -0400

http://aeno.co.cc/abc/" target="_blank">aeno.co.cc/abc/

Re: This code works on htmlpurifier

Woogie — Thu, 04 Feb 2010 21:33:47 -0500

very nice

Re: This code works on htmlpurifier

Woogie — Thu, 04 Feb 2010 21:33:11 -0500

žscriptualert(EXSSE)ž/scriptu

Re: This code works on htmlpurifier

Woogie — Thu, 04 Feb 2010 21:29:39 -0500

Re: This code works on htmlpurifier

Woogie — Thu, 04 Feb 2010 21:27:08 -0500

Re: This code works on htmlpurifier

Woogie — Thu, 04 Feb 2010 21:25:51 -0500

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>

Re: This code works on htmlpurifier

Ambush Commander — Tue, 19 May 2009 01:12:25 -0400

Re: This code works on htmlpurifier

Ambush Commander — Tue, 19 May 2009 01:11:44 -0400

Uhhh... no it doesn't.

Re: This code works on htmlpurifier

Saud — Tue, 19 May 2009 01:07:39 -0400

This xss code works too

">

Re: This code works on htmlpurifier

Saud — Tue, 19 May 2009 00:58:34 -0400

i got it from http://ha.ckers.org/xss.html and it works on my form.

This code works on htmlpurifier

Saud — Tue, 19 May 2009 00:57:27 -0400

i got it from http://ha.ckers.org/xss.html and it works on my form.