Menu
▾
▴
Re: [Owasp-input-api-developers] I have an immediate application for the filters!
|
From: Gabriel L. <ga...@bu...> - 2002-07-09 16:03:48
|
When I did a similar thing for a previous project we benchmarked writing our own specialized parser to find <> and manage what can be in a tag vs using regular expressions and found a dramatic improvement to using the non regular expression version. This was in Java code, so it could have been that the regular expression library we were using was not the best, but that may be something to consider also. As a side note I think this kind of functionality would be something great to put into the filters project.... -gabe On Tue, 2002-07-09 at 05:41, Steven J. Sobol wrote: > On 8 Jul 2002, Gabriel Lawrence wrote: > > > Steve, > > > > You're going to find that there is a whole lot more that is evil then > > just script tags... What I'd suggest you do is instead parse for > > occurances of <> and only allow things to appear in tags that you have > > a good list... > > Right. That's what I'm planning on doing. :) I have to figure out the > easiest way to do it using PHP and regular expressions. > > What I have done so far is just a stopgap for a few days until I can > continue working on the site. > > -- > Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET > - I do my best work with one of my cockatiels sitting on each shoulder - > 6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance > stance towards abusive priests. The fact that 20% didn't, scares me... > > |
