The application scenario is that the user can enter any text, but cannot enter code like HTML
User input can be filtered through filter_sanitize_string in PHP
is the filtered content safe enough to be used for other uses such as XSS filtering?
Reply content:
The application scenario is that the user can enter any text, but cannot enter code like HTML
User input can be filtered through filter_sanitize_string in PHP
is the filtered content safe enough to be used for other uses such as XSS filtering?
The title mentions safe enough ... The key is to see how you understand this is enough ...
For XSS ... The full name of XSS is Cross-site Scripting
... Key points in Scripting ...
If you use the ... FILTER_SANITIZE_STRING
There is definitely no risk of being XSS ...
But that doesn't mean it's completely safe anywhere ... Other risks still exist ...
For example, this content can not be directly written into the SQL statement before processing.
And also depends on how you put the user input content display ...
If the user enters content that may legitimately appear in the script
tag ... Additional processing must also be done ...