Feature #19600

Improvement of removeXSS

Added by Oliver Hader over 12 years ago. Updated almost 11 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2008-11-12
Due date:
% Done: 0%
Estimated time:
PHP Version: 5.2
Tags:
Complexity:
Sprint Focus:
Description

The removeXSS script used had some shortcomings. It replaced tags in normal text, which prevents most people from using this script.

Jigal did some improvements and I reformatted to CGL and tested.
These changes were made:

  • bugfixes in regexps
  • optimizations
  • quickscan for keywords to speed up the function when there are no potential threats
  • regexps specific for different type of keywords to reduce false positives
  • configurable "tag replaceString"

(issue imported from #M9778)


Files

0009778.patch (11.5 KB), Administrator Admin, 2008-11-12 11:27
0009778_v3.patch (11.4 KB), Administrator Admin, 2008-11-12 12:57

Related issues

Related to TYPO3 Core - Bug #19110: t3lib_div::removeXSS translates normal text too (Closed, Steffen Kamper, 2008-07-15)
Related to TYPO3 Core - Bug #19234: removeXSS needs improvement (Closed, Michael Stucki, 2008-08-20)
#1

Updated by Oliver Hader over 12 years ago

Committed to SVN Trunk (rev. 4457)
