
GET and POST - Sanitize by default?

Posted by bezee 
GET and POST - Sanitize by default?
April 29, 2011 12:12PM

What are your thoughts on passing all $_GET and $_POST requests to HTML Purifier?

Thanks

Re: GET and POST - Sanitize by default?
April 29, 2011 07:49PM

Don't do it.

(Not all input is HTML, so not all input should be passed through HTML Purifier.)

Re: GET and POST - Sanitize by default?
May 04, 2011 12:59PM

Could a user still put malicious code like XSS in a simple username input field and cause harm to an app? What is the best way to avoid something like that?

Re: GET and POST - Sanitize by default?
May 04, 2011 02:12PM

Code is only dangerous if it is put in a context where it could be misinterpreted as code. Escaped output is not dangerous.
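The approach described in the replies above, as an added example that is not part of the original thread: the username is kept unmodified and escaped for each output context, and HTML Purifier is applied only to a field that is meant to contain HTML. The helper names (`e_html`, `e_js`, `e_url_param`, `clean_rich_text`), the field names and the sample input are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for $_POST; not taken from the thread.
$input = [
    'username' => 'Tom "<script>alert(1)</script>" O\'Neil & co',
    'bio_html' => '<p>Hello <b>world</b><img src=x onerror=alert(1)></p>',
];

// Plain text placed in an HTML body or a quoted HTML attribute.
function e_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Plain text emitted as a JavaScript string literal inside an inline <script>.
// The JSON_HEX_* flags keep <, >, &, ' and " out of the output so the value
// cannot close the script element or the surrounding literal.
function e_js(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE);
}

// Plain text used as a URL query value, which then sits in an HTML attribute.
function e_url_param(string $s): string {
    return e_html(rawurlencode($s));
}

// Rich-text field: this input is intended to be HTML, so HTML Purifier applies.
// Assumes HTMLPurifier.auto.php has been loaded by the application; if the
// class is not available, fall back to treating the field as plain text.
function clean_rich_text(string $html): string {
    if (class_exists('HTMLPurifier')) {
        $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
        return $purifier->purify($html);
    }
    return e_html($html);
}

$name = $input['username']; // stored and passed around as the user typed it
?>
<p>Hello, <?= e_html($name) ?></p>
<input type="text" name="username" value="<?= e_html($name) ?>">
<a href="/profile?user=<?= e_url_param($name) ?>">profile</a>
<script>var userName = <?= e_js($name) ?>;</script>
<div class="bio"><?= clean_rich_text($input['bio_html']) ?></div>
```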

jiamei
Re: GET and POST - Sanitize by default?
September 02, 2011 03:14AM

If you have one function whose parameter is _POST, please email me. Thank you very much.
