07-26-2008, 04:20 PM
Join Date: Jun 2008
Location: Twin Cities, Minnesota, USA
Make sure you either strip out or stop CSS like this:
: XSS() ); }
That's a pretty big XSS vector. If you don't only allow edits to CSS but also to XHTML/HTML, I suggest using HTML Purifier ("Filter your HTML the standards-compliant way!"), since that will be very likely to stop major XSS vectors.
Find More Posts by ryanmr
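One way to apply the "strip out or stop" advice to user-edited CSS, as an added example that is not part of the original post: an allowlist filter in Python that keeps only known properties with plain-token values. The property allowlist, the function names and the sample stylesheet are assumptions constructed for illustration.

```python
import re

# Assumed allowlist for this example; a real site would tune it.
ALLOWED_PROPERTIES = {
    "color", "background-color", "font-size", "font-weight", "font-family",
    "text-align", "margin", "padding", "border", "width", "height",
}
# Plain tokens only: no parentheses, quotes, backslashes, colons, slashes or
# asterisks, so functions, URLs, escapes and comments are refused, not decoded.
SAFE_VALUE = re.compile(r"[A-Za-z0-9#%.,\- ]+")
SAFE_SELECTOR = re.compile(r"[A-Za-z0-9#.,>\-_ ]+")
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")

# Constructed sample: user-supplied stylesheet mixing harmless declarations
# with the script-bearing kind the post warns about.
SAMPLE = r"""
.post { color: #336699; width: expression(XSS()); font-size: 12px }
.sig { background-color: url(javascript:XSS()) }
.note { color: r\65 d; text-align: center; position: fixed }
"""


def clean_declarations(body):
    """Return the declarations from one rule body that pass the allowlist."""
    kept = []
    for decl in body.split(";"):
        prop, sep, value = decl.partition(":")
        prop, value = prop.strip().lower(), " ".join(value.split())
        if sep and prop in ALLOWED_PROPERTIES and SAFE_VALUE.fullmatch(value):
            kept.append(f"{prop}: {value}")
    return kept


def sanitize_css(css):
    """Rebuild the stylesheet from vetted parts; anything unparsed is dropped."""
    out = []
    for selector, body in RULE.findall(css):
        selector = " ".join(selector.split())
        if not SAFE_SELECTOR.fullmatch(selector):
            continue  # fails closed: at-rules such as @import never pass
        decls = clean_declarations(body)
        if decls:
            out.append(f"{selector} {{ {'; '.join(decls)} }}")
    return "\n".join(out)


if __name__ == "__main__":
    print(sanitize_css(SAMPLE))
```

Because the output is rebuilt from vetted pieces rather than edited in place, a rule that follows a rejected at-rule is dropped along with it; that loss is the price of failing closed.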