Class: XSS_Clean

Source file: /includes/XSSClean.php

Class Overview

Sanitizes data so that Cross Site Scripting hacks can be prevented.
Class methods

method sanitize()

    string sanitize ( string $str )

Sanitizes submitted data so that Cross Site Scripting hacks can be prevented. This class is taken from the CodeIgniter PHP Framework, version 2.1.2. This method is automatically run for each control when calling validate(), unless specifically disabled by disable_xss_filters(). It is an input filter applied once, at submission time; it does not replace context-appropriate escaping (for example htmlspecialchars() for HTML text) when the stored value is later written into a page.

Following is the original documentation of the class, as found in CodeIgniter:

    Sanitizes data so that Cross Site Scripting Hacks can be prevented. This function does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter.

    Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.

    This function was based in part on some code and ideas I got from Bitflux: http://blog.bitflux.ch/wiki/XSS_Prevention

    To help develop this script I used this great list of vulnerabilities along with a few other hacks I've harvested from examining vulnerabilities in other programs: http://ha.ckers.org/xss.html

Parameters:

    string $str    the submitted data to sanitize

Returns:

    string    the sanitized data
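The following is an added usage example; it is not code from this page, from XSSClean.php, or from CodeIgniter. It assumes XSS_Clean has a public no-argument constructor and that the file can be included from the path shown; the helper names accept_submission() and render_html_text() and the sample inputs are constructed for the example. It shows the documented pattern: sanitize() applied once when data is submitted, with HTML-context encoding still applied separately when the stored value is rendered, since the method documentation itself says the filter is for submission-time use and is not 100% foolproof.

```php
<?php
// Added example, not code from the original page or from XSSClean.php.
// Assumptions: XSS_Clean has a no-argument constructor, the documented
// method string sanitize(string $str) exists, and the include path below
// matches the project layout. accept_submission() and render_html_text()
// are hypothetical helper names chosen for this example.
require_once __DIR__ . '/includes/XSSClean.php';

/**
 * Submission-time step: run the XSS filter exactly once, when the data
 * arrives. This is what validate() does for each control unless the
 * filters were switched off with disable_xss_filters().
 */
function accept_submission(XSS_Clean $cleaner, string $raw): string
{
    // The CodeIgniter note says the filter is for data upon submission,
    // not for general runtime processing, so it belongs here and nowhere else.
    return $cleaner->sanitize($raw);
}

/**
 * Output-time step: encode for the HTML text context the value is written
 * into. The filter is not 100% foolproof (its own documentation says so),
 * so context-specific escaping on output is still required.
 */
function render_html_text(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one benign string and three common payload
// shapes of the kind catalogued at http://ha.ckers.org/xss.html.
$samples = [
    'plain text, no markup',
    '<script>alert(1)</script>',
    '<img src="x" onerror="alert(1)">',
    '<a href="javascript:alert(1)">click</a>',
];

$cleaner = new XSS_Clean();
foreach ($samples as $raw) {
    $stored = accept_submission($cleaner, $raw);
    printf("raw:      %s\nfiltered: %s\nrendered: %s\n\n",
        $raw, $stored, render_html_text($stored));
}
```

The exact text sanitize() produces for the payload samples depends on the filter's rules and is not asserted here; the point of the harness is that whatever the filter leaves behind still passes through render_html_text() before reaching a browser, so a payload that slips past the filter is rendered as inert text rather than markup.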