Bug #20225 ยป removexss.diff
| typo3/contrib/RemoveXSS/RemoveXSS.php (working copy) | ||
|---|---|---|
|
*
|
||
|
* @param string Input string
|
||
|
* @return string Input string with potential XSS code removed
|
||
|
* @deprecated
|
||
|
*/
|
||
|
function RemoveXSS($val) {
|
||
|
function RemoveXSS($val) {
|
||
|
return self::process($val);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Wrapper for the RemoveXSS function.
|
||
|
* Removes potential XSS code from an input string.
|
||
|
*
|
||
|
* Using an external class by Travis Puderbaugh <kallahar@quickwired.com>
|
||
|
*
|
||
|
* @param string Input string
|
||
|
* @return string Input string with potential XSS code removed
|
||
|
*/
|
||
|
public static function process($val) {
|
||
|
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
|
||
|
// this prevents some character re-spacing such as <java\0script>
|
||
|
// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
|
||