Bug #20225 » removexss.diff
typo3/contrib/RemoveXSS/RemoveXSS.php (working copy) | ||
---|---|---|
*
|
||
* @param string Input string
|
||
* @return string Input string with potential XSS code removed
|
||
* @deprecated
|
||
*/
|
||
function RemoveXSS($val) {
|
||
function RemoveXSS($val) {
|
||
return self::process($val);
|
||
}
|
||
|
||
/**
|
||
* Wrapper for the RemoveXSS function.
|
||
* Removes potential XSS code from an input string.
|
||
*
|
||
* Using an external class by Travis Puderbaugh <kallahar@quickwired.com>
|
||
*
|
||
* @param string Input string
|
||
* @return string Input string with potential XSS code removed
|
||
*/
|
||
public static function process($val) {
|
||
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
|
||
// this prevents some character re-spacing such as <java\0script>
|
||
// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
|