Is there a definitive anti-XSS library for PHP?

php security input xss
HappyDeveloper picture HappyDeveloper · Oct 20, 2010 · Viewed 11.8k times · Source

I already know how XSS works, but finding out all the many different ways to inject malicious input is not an option.

I saw a couple libraries out there, but most of them are very incomplete, ineficient, or GPL licensed (when will you guys learn that GPL is not good to share little libraries! Use MIT)

Answer

atk picture atk · Oct 20, 2010

OWASP offers an encoding library, on which time has been spent to handle the various cases.

Obsolete: http://www.owasp.org/index.php/Category:OWASP_Encoding_Project

Now at http://code.google.com/p/reform/
and OWASP's antiXSS specific library is at: http://code.google.com/p/php-antixss/

Related questions

how sanitize input codeigniter 3?

First of all I should remind you that I have read this post and few other posts about my question but most of all are almost old and they are for about 3 years ago. Now I'm using CodeIgniter 3 and I …

Read More
How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML tags?

Read More