David JM Emmett's Profile

About Me:

Last 10 Comments

1

Prelude: I prefer to use an MVC Style architecture.

I've always thought that the best way to go about things is to structure your code so that the View is a series of calls to a DOMDocument using PHP DOM XML.

Personally, I find this to be the best and safest way to validate user's HTML input, I load the users input into a DOMNode and remove all attributes that I think may be dangerous.
Posted in /blog/2007/mar/allowing-html-and-preventing-xss.

Wed, 14 Jan 2009 at 09:37:27: Link

Stats

Member Since: 14 Jan 2009
Comments: 1

Web Site

demmett.myopenid.com

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
62 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
69 Comments

Google XSS Example

21 Dec 2005
36 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13 Dec 2004
75 Comments

The Truth about Sessions

15 Dec 2003
77 Comments

Foiling Cross-Site Attacks

14 Oct 2003
68 Comments

Guru Speak: Storing Sessions in a Database

14 Dec 2004
60 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21 Oct 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer