PHP - security etc

David Cantrell david at
Wed Mar 7 21:10:49 GMT 2007

On Wed, Mar 07, 2007 at 05:20:31PM +0000, Dominic Mitchell wrote:

> You're creating a damned web page.  You need to escape pretty much
> everything.  Not escaping things should be the exception, rather than
> the other way around.  Otherwise it gets forgotten and guess what?  Lots
> of XSS attacks.  Yay!

I don't understand "XSS" attacks.  Anyone permitting random strangers to
embed *whatever the fuck they like* in his site has FAR bigger problems
than that his users might run some bit of Javascript they don't want.

David Cantrell | Enforcer, South London Linguistic Massive

Computer Science is about lofty design goals and careful algorithmic
optimisation.  Sysadminning is about cleaning up the resulting mess.

More information about the mailing list