Wednesday, July 29, 2009

strip_tags function for php

PHP provides a function named strip_tags(string str[,array allowable_tags]). We can strip HTML tags using this function. But this function is not totally safe, as the allowable_tags parameter will contain those tags that will not be stripped off. So we cannot totally rely on strip_tags for input filtering and output escaping. Let's see the Zend mock question for the PHP 5 certification.

Question: When using a function such as strip_tags, are markup-based attacks still possible?

Answer:

1. No, HTML does not pose any security risks
2. Yes, even a HTML tag is a security risk
3. Yes, attributes of allowed tags are ignored
strip_tags does not strip allowable tags.
4. No, strip_tags will prevent any markup-based attack
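
The behaviour described above, as an added example that is not part of the original post: strip_tags returns allowed tags exactly as submitted, attributes included. The input string and the helper allow_bare_tags() are constructed for illustration.

```php
<?php
// Constructed sample input: a comment field where the site wants to permit <b>.
$input = 'Hello <script>alert(1)</script>'
       . '<b onmouseover="alert(2)">world</b> and <b>friends</b>';

// 1. strip_tags with an allow-list: <script> is removed, but the allowed <b>
//    tag comes back untouched, so its onmouseover attribute is still there.
$stripped = strip_tags($input, '<b>');

// 2. Output escaping: when no markup is needed, encode everything so the
//    browser renders the text literally instead of parsing it as HTML.
$escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// 3. When a few formatting tags must survive: escape everything first, then
//    restore only the exact attribute-free forms <tag> and </tag>.
//    A tag carrying any attribute no longer matches and stays escaped.
//    (Hypothetical helper, not a PHP built-in.)
function allow_bare_tags(string $text, array $tags = ['b', 'i', 'em', 'strong']): string
{
    $out = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    foreach ($tags as $tag) {
        $out = str_replace(
            ["&lt;{$tag}&gt;", "&lt;/{$tag}&gt;"],
            ["<{$tag}>", "</{$tag}>"],
            $out
        );
    }
    return $out;
}

$bare = allow_bare_tags($input);

// Compare the three results: only the first still contains a live attribute.
foreach (['strip_tags' => $stripped, 'htmlspecialchars' => $escaped, 'allow_bare_tags' => $bare] as $name => $value) {
    $hasLiveAttribute = (bool) preg_match('/<b\s[^>]*>/i', $value);
    printf("%-16s live attribute on <b>: %s\n  %s\n", $name, $hasLiveAttribute ? 'yes' : 'no', $value);
}
```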