Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

No need for other chars to be replaced

Browse Source 
Impossible to output an XSS without < or > alone
This commit is contained in:
Matt Pass
2014-05-03 14:13:48 +01:00
parent 1a85a1ddc3
commit a470daf9f5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/settings-common.php
View File

@@ -65,8 +65,8 @@ function xssClean($data,$type) {
// === html ===
if ($type == "html") {
$bad = array("<", ">", "=", "&", "(", ")", "\"", "'");
$good = array("&lt;", "&gt;", "&equals;", "&amp;", "&lpar;", "&rpar;", "&quot;", "&apos;");
$bad = array("<", ">");
$good = array("&lt;", "&gt;");
}
// === style ===