source file: /includes/XSSClean.php
Sanitizes data so that Cross Site Scripting Hacks can be prevented.
string sanitize ( string $str )
Sanitizes submitted data so that Cross Site Scripting Hacks can be prevented.
This class is taken from the CodeIgniter PHP Framework, version 2.1.2.
The following is the original documentation of the class, as found in CodeIgniter:
Sanitizes data so that Cross Site Scripting Hacks can be prevented. This function does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter.
Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.
This function was based in part on some code and ideas I got from Bitflux: http://blog.bitflux.ch/wiki/XSS_Prevention
To help develop this script I used this great list of vulnerabilities along with a few other hacks I've harvested from examining vulnerabilities in other programs: http://ha.ckers.org/xss.html
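The note above says the filter belongs at submission time, not in general runtime processing. The added example below (written for this page; it is not code from the original page or from CodeIgniter) shows that call pattern together with the separate step the filter does not replace: encoding the stored value for the HTML context it is rendered into. It assumes that /includes/XSSClean.php defines a class named XSSClean with a no-argument constructor and the public instance method sanitize(string $str): string listed above; the function names acceptComment and renderComment and the sample comment text are constructed for the example.

```php
<?php
// Added example, not part of the original page or of CodeIgniter.
// Assumptions: /includes/XSSClean.php defines class XSSClean with a
// no-argument constructor and a public method sanitize(string $str): string.
require_once __DIR__ . '/includes/XSSClean.php';

/**
 * Handle a form submission: run the XSS filter exactly once, on the
 * submitted field, and return the value that will be stored.
 * (Constructed helper name; not from the page.)
 */
function acceptComment(XSSClean $filter, array $post): string
{
    $raw = (isset($post['comment']) && is_string($post['comment']))
        ? $post['comment']
        : '';

    // Submission-time filtering, as the original note prescribes.
    return $filter->sanitize($raw);
}

/**
 * Render a stored comment as an HTML text node. Output encoding is tied to
 * the output context and is applied at render time, independently of any
 * filtering that happened on submission.
 * (Constructed helper name; not from the page.)
 */
function renderComment(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="comment">' . $encoded . '</p>';
}

// Constructed sample input standing in for $_POST.
$filter = new XSSClean();
$stored = acceptComment($filter, ['comment' => 'Nice post <b>&</b> thanks']);
echo renderComment($stored), PHP_EOL;
```

The two functions are deliberately separate: acceptComment is the only place sanitize() is called, so the filter is not re-run on every page view, and renderComment encodes for an HTML text context without assuming anything about what the filter removed. A value destined for an attribute, a URL or a JavaScript string needs encoding for that context instead of, not in addition to, htmlspecialchars.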