Wednesday, July 29, 2009

strip_tags function for php

PHP provides a function named strip_tags(string str[,array allowable_tags]). We can strip HTML tags using this function. But this function is not totally safe, because the allowable_tags parameter contains the tags that will not be stripped off. So, we cannot totally rely on strip_tags for input filtering and output escaping. Let's look at the Zend mock question for the PHP 5 certification.

Question: When using a function such as strip_tags, are markup-based attacks still possible?

Answer:

1. No, HTML does not pose any security risks
2. Yes, even a HTML tag is a security risk
3. Yes, attributes of allowed tags are ignored
strip_tags does not strip allowable tags.
4. No, strip_tags will prevent any markup-based attack
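
The point behind the question, as an added example that is not part of the original post: strip_tags leaves the attributes of allowed tags in place, so a second pass is needed to remove them. The helper strip_tags_and_attributes and the sample input are hypothetical and constructed for illustration; the helper drops every attribute, including harmless ones such as href.

```php
<?php
// Hypothetical helper (not a PHP built-in): keep only the allowed tags and
// drop every attribute from the elements that survive strip_tags().
function strip_tags_and_attributes(string $html, array $allowedTags): string
{
    // strip_tags() expects the allow-list as a string such as "<b><i>".
    $allowList = $allowedTags ? '<' . implode('><', $allowedTags) . '>' : '';
    $filtered  = strip_tags($html, $allowList);

    // Parse the remaining fragment inside a wrapper element we control.
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $filtered . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $xpath = new DOMXPath($doc);
    $wrap  = $xpath->query('//body/div')->item(0);

    // Remove all attributes (event handlers, style, href, ...) below the wrapper.
    foreach ($xpath->query('.//*/@*', $wrap) as $attr) {
        $attr->ownerElement->removeAttributeNode($attr);
    }

    // Serialise only the wrapper's children, not the wrapper itself.
    $out = '';
    foreach ($wrap->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: an allowed <b> tag carrying an event-handler attribute.
$input = '<b onmouseover="alert(1)">hello</b> <script>alert(2)</script>';

// 1. strip_tags() alone: the <script> tags go, but <b> keeps its attribute.
echo strip_tags($input, '<b>'), PHP_EOL;

// 2. Allowed tags with their attributes removed.
echo strip_tags_and_attributes($input, ['b']), PHP_EOL;

// 3. No markup needed at all: escape on output instead of filtering.
echo htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```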