good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I'm afraid you don't get the concept of XSS. You're dealing with encoding/HTML Entity problems, which is bad, but completely different than XSS "protection". For XSS "protection", have a look at HTML::StripScripts, it works rather well :-) Update: after reading your post again, it does seem you want to prevent XSS attacks (by using HTML::Entities) yet you don't want your "crazy letters" to be lost ;-). I'm not sure HTML::Entities will bulletproof your script. Have a look at HTML::StripScripts, really. But experts my say HTML::Entities _is_ enough (I would love to hear opinions on this) In reply to Re: Preventing XSS
by b10m
|
|