xss prevention (yet again, right? ;d)
Posted: Sun Sep 24, 2006 4:21 am
I think my XSS prevention measures are pretty good, at the moment. I allow users to enter HTML directly, and have that filtered by a class that feyd wrote me, and then an additional filter that I wrote myself (mostly just checks for flash files).
I have thought about replacing all links that they enter with a redirect link handled by the server.
http://www.somedomain.com/someimage.jpg would become...
http://www.mydomain.com/redirect.php?li ... eimage.jpg
This would force anything potentially malicious to be handled by the server.
Are there any cons to doing this?
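An added example (not the poster's code and not feyd's class) of the checks the redirect.php handler described in this post would need before forwarding: a scheme allowlist so javascript: and data: links are refused, an HMAC tag so the endpoint cannot be used as an open redirect by anyone who types a URL, and a CR/LF check so the value cannot inject headers; REDIRECT_SECRET, the `link`/`tag` parameter names and the function names are assumptions.

```php
<?php
// Added example: a hardened redirect.php for the rewriting scheme described in the post.
// The filter that rewrites user-entered links must call make_redirect_link() so the tag
// it emits matches what validate_redirect() recomputes. REDIRECT_SECRET is an assumed
// server-side key; replace the placeholder with a long random value kept out of the repo.

const REDIRECT_SECRET = 'PLACEHOLDER-replace-with-a-long-random-server-secret';
const ALLOWED_SCHEMES = ['http', 'https'];

// Called at filter time: turns a user-entered absolute URL into our redirect link.
function make_redirect_link(string $target): string {
    $tag = hash_hmac('sha256', $target, REDIRECT_SECRET);
    return '/redirect.php?link=' . rawurlencode($target) . '&tag=' . $tag;
}

// Called at request time: returns the URL to forward to, or null if it must be refused.
function validate_redirect(string $target, string $tag): ?string {
    // 1. The tag proves our own filter emitted this link, so redirect.php is not an
    //    open redirect that phishing mail can point at with an arbitrary destination.
    $expected = hash_hmac('sha256', $target, REDIRECT_SECRET);
    if (!hash_equals($expected, $tag)) {
        return null;
    }
    // 2. Only absolute http(s) URLs. This rejects javascript:, data:, vbscript: and
    //    scheme-less values that a browser would resolve relative to our own site.
    $parts = parse_url($target);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ALLOWED_SCHEMES, true)) {
        return null;
    }
    // 3. No CR/LF: the value ends up in a Location header, so a newline would let
    //    the target append further response headers or body content.
    if (preg_match('/[\r\n]/', $target)) {
        return null;
    }
    return $target;
}

// Request handling; skipped when the file is loaded from the command line.
if (PHP_SAPI !== 'cli') {
    $target = validate_redirect((string) ($_GET['link'] ?? ''), (string) ($_GET['tag'] ?? ''));
    if ($target === null) {
        http_response_code(400);
        exit('Invalid redirect target.');
    }
    header('Referrer-Policy: no-referrer'); // keep the forum URL out of the target's logs
    header('Location: ' . $target, true, 302);
    exit;
}
```

Note that the browser still fetches the external resource itself after the 302, so the redirect gives the server a checkpoint and a log entry, not inspection of the content served.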