Feature #19600

Improvement of removeXSS

Added by Oliver Hader about 11 years ago. Updated over 9 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2008-11-12
Due date:
% Done: 0%
PHP Version: 5.2
Tags:
Complexity:
Sprint Focus:

Description

The removeXSS script used had some shortcomings. It replaced tags in normal text, which prevents most from using this script.

Jigal did some improvements and I reformatted to CGL and tested.
These changes are done:

  • bugfixes in regexps
  • optimizations
  • quickscan for keywords to speed up the function when there are no potential threats
  • regexps specific for different type of keywords to reduce false positives
  • configurable "tag replaceString"

(issue imported from #M9778)

0009778.patch (11.5 KB) Administrator Admin, 2008-11-12 11:27

0009778_v3.patch (11.4 KB) Administrator Admin, 2008-11-12 12:57


Related issues

Related to TYPO3 Core - Bug #19110: t3lib_div::removeXSS translates normal text too Closed 2008-07-15
Related to TYPO3 Core - Bug #19234: removeXSS needs improvement Closed 2008-08-20

History

#1 Updated by Oliver Hader about 11 years ago

Committed to SVN Trunk (rev. 4457)
