是否有针对PHP的明确的反XSS库? [英] Is there a definitive anti-XSS library for PHP?

问题描述

我已经知道XSS的工作原理，但要找出注入恶意输入的所有许多不同方法是不可能的.

I already know how XSS works, but finding out all the many different ways to inject malicious input is not an option.

我看到了几个库，但是其中大多数库非常不完整，效率低下或已获得GPL许可(你们何时会得知GPL不利于共享小的库，请使用MIT)

I saw a couple libraries out there, but most of them are very incomplete, ineficient, or GPL licensed (when will you guys learn that GPL is not good to share little libraries! Use MIT)

推荐答案

OWASP提供了一个编码库，在该编码库上已经花了很多时间来处理各种情况.

OWASP offers an encoding library, on which time has been spent to handle the various cases.

已淘汰: http://www.owasp.org/index.php/类别: OWASP_Encoding_Project

现在访问 http://code.google.com/p/reform/
OWASP的antiXSS专用库位于: http://code.google.com/p/php- antixss/

Obsolete: http://www.owasp.org/index.php/Category:OWASP_Encoding_Project

Now at http://code.google.com/p/reform/
and OWASP's antiXSS specific library is at: http://code.google.com/p/php-antixss/

这篇关于是否有针对PHP的明确的反XSS库?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！