ZF-2343: Safe HTML project

Issue Type:

Improvement

Created:

2007-12-20T15:53:39.000+0000

Last Updated:

2009-01-10T11:02:26.000+0000

Status:

Closed

Fix version(s):

Reporter:

Darby Felton (darby)

Assignee:

Ralph Schindler (ralph)

Tags:

Related issues:

Attachments:

HTML produced by Zend Framework components should be safe for publishing by removing all potentially harmful content, such as Javascript.

We should start by testing the current algorithm of {{Zend_Filter_StripTags}} against various attack vectors.

References:

xss.html

This issue may affect other components, such as Zend_View and friends.

Posted by Wil Sinclair (wil) on 2008-04-18T13:11:53.000+0000

This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Posted by Wil Sinclair (wil) on 2008-04-18T17:11:46.000+0000

Please evaluate and categorize/assign as necessary.

Posted by Kamil Nowakowski (kamiln) on 2008-04-27T02:16:12.000+0000

You can look also at http://php-ids.org/

Posted by Wil Sinclair (wil) on 2008-06-09T13:29:42.000+0000

Reassigning for prioritization.

Posted by Ralph Schindler (ralph) on 2009-01-10T11:02:26.000+0000

This is a massive undertaking and should come in the form of a component proposal.