Better way preventing xss attack?
2 — you should convert to the target format at the last possible moment. This saves you from problems down the road should you, for example, decide you want to use the same content in an email, a PDF, as text back to the user for editing, etc, etc.
The best way(option number 3..) if you ask me is using the latest filter extension to handle filtering for you(PHP5). I like to put filter_input_array at the top of my php file to protect myself against for example POST XSS attacks.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
XSS: REQUEST_URI run through htmlspecialchars() - then replacing & with & - enough to prevent XSS injection?
Preventing XSS attacks on user submitted HTML content in PHP, the eBay way?
Preventing Javascript and XSS attacks?
Interpolique: transparently preventing SQL Injection and XSS with base64 encoding, what happened?
Determining XSS Attack Vulnerabilities?
Can there be a malicious XSS attack inside the members section of my site?