by Kudos 5078 days ago
> Filter values based on filter types (supported are: email, striptags)

Striptags is not a security tool, it is a presentation tool.

> Output filtering on all values (preventing XSS)

I'm still trying to figure out how you've implemented this.


Here is the escaping:

https://github.com/enygma/shieldframework/blob/master/Shield...

at this line:

$value = htmlspecialchars($value);

That could do with being mentioned in the README; a large part of the problem with PHP is developers not knowing what method to use to sanitise strings. After seeing striptags mentioned explicitly, I expected the worst.

He used DES for session security.

That's the worst.
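
An added example, not part of the thread and not Shield's code, illustrating the strip_tags versus htmlspecialchars point made above: it reports which HTML-significant characters survive each filter. The function names and sample inputs are constructed for illustration; `ENT_COMPAT` is passed explicitly to reproduce what a bare `htmlspecialchars($value)` did by default before PHP 8.1.

```php
<?php
// Added example: compares a presentation filter with output escaping.
// All function names and inputs here are constructed, not taken from Shield.

// strip_tags() removes markup but leaves quote characters untouched.
function filter_striptags(string $v): string {
    return strip_tags($v);
}

// Default behaviour of htmlspecialchars($v) before PHP 8.1 (ENT_COMPAT):
// escapes & < > " but leaves ' as-is.
function escape_compat(string $v): string {
    return htmlspecialchars($v, ENT_COMPAT, 'UTF-8');
}

// Explicit flags: escapes both quote styles and replaces invalid UTF-8
// sequences instead of returning an empty string.
function escape_html(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Lists the raw characters left in $out that can end a text node or an
// attribute value when $out is placed into an HTML template.
function surviving(string $out): string {
    $left = [];
    foreach (['<', '"', "'"] as $c) {
        if (strpos($out, $c) !== false) {
            $left[] = $c;
        }
    }
    return $left ? implode(' ', $left) : 'none';
}

// Constructed inputs: one tag, and one value per attribute quote style.
$samples = [
    'tag'          => '<b title="x">hi</b>',
    'double quote' => '" data-injected="1',
    'single quote' => "' data-injected='1",
];

foreach ($samples as $name => $input) {
    printf("%-13s strip_tags: %-5s ENT_COMPAT: %-5s ENT_QUOTES: %s\n",
        $name,
        surviving(filter_striptags($input)),
        surviving(escape_compat($input)),
        surviving(escape_html($input)));
}
```

Any character listed for a filter is one that can close the attribute a value is written into, which is why the escaping flags and the quote style used in templates need to match.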