Usage of htmlentities redisplaying form data

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Hey, JCart, I noticed that your tag checking code let you define what attributes were allowed, but not what was allowed ''in'' the attributes. That could lead to exploits, I suppose.
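The point raised in the post above, checking attribute values as well as attribute names, shown as an added example; it is not code from the thread or from JCart's tag checker. The allowlist, function names and sample input are hypothetical, and it assumes PHP 7.4+ and that the tag parser hands over attribute values already entity-decoded.

```php
<?php
// Added example: the allowlist and every name below are hypothetical.

function url_is_safe(string $value): bool
{
    // Browsers ignore control characters and whitespace when reading the scheme.
    $v = preg_replace('/[\x00-\x20]+/', '', $value);
    // Text before the first ':' is a scheme unless '/', '?' or '#' comes first.
    if (preg_match('/^([^\/?#:]*):/', $v, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
    return true; // no scheme: relative URL
}

// tag => attribute => validator for that attribute's value
$allowed_attrs = [
    'a'   => ['href'  => 'url_is_safe',
              'title' => fn(string $v): bool => strlen($v) <= 200],
    'img' => ['src'   => 'url_is_safe',
              'alt'   => fn(string $v): bool => strlen($v) <= 200,
              'width' => fn(string $v): bool => preg_match('/^\d{1,4}$/D', $v) === 1],
];

function render_tag(string $tag, array $attrs, array $allowed): string
{
    $tag = strtolower($tag);
    if (!isset($allowed[$tag])) {
        return ''; // tag not allowed at all
    }
    $out = '<' . $tag;
    foreach ($attrs as $name => $value) {
        $name  = strtolower($name);
        $check = $allowed[$tag][$name] ?? null;
        // Keep the attribute only if its name is allowed AND its value passes.
        if ($check !== null && $check($value)) {
            // Re-escape on output so the value cannot break out of the quotes.
            $out .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
        }
    }
    return $out . '>';
}

// Constructed sample input: href has an allowed name but a rejected value.
echo render_tag('a', ['href' => "java\tscript:void(0)", 'onclick' => 'x()', 'title' => 'Home'], $allowed_attrs), "\n";
echo render_tag('a', ['href' => 'https://example.com/?a=1&b=2'], $allowed_attrs), "\n";
```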