Chaitanya Lakshmi
  • About Me
  • Job Duties
  • Knowledge Blog
  • Applications
  • Contact Us
    • Linked In
    • Facebook
  • About Me
  • Job Duties
  • Knowledge Blog
  • Applications
  • Contact Us
    • Linked In
    • Facebook

What is filter_xss() function usage in Drupal?

3/8/2012

0 Comments

 
filter_xss() will Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.

Syntax:filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'))


This code does four things:
  • Removes characters and constructs that can trick browsers.
  • Makes sure all HTML entities are well-formed.
  • Makes sure all HTML tags and attributes are well-formed.
  • Makes sure no HTML tags contain URLs with a disallowed protocol (e.g. javascript:).
Parameters $string: The string with raw HTML in it. It will be stripped of everything that can cause an XSS attack.

$allowed_tags: An array of allowed tags.

Return value An XSS safe version of $string, or an empty string if $string is not valid UTF-8.


Refer: http://api.drupal.org/api/drupal/modules!filter!filter.module/function/filter_xss/6
0 Comments



Leave a Reply.

    Archives

    April 2012
    March 2012
    February 2012

    Categor

    All
    Ajax
    Api
    Cross Site Scripting
    Css
    Curl
    Design Patterns
    Drupal
    Exception Handling
    Htaccess
    Html
    Javascript
    Jquery
    Json
    Linux
    Mysql
    Oops
    Php
    Regular Expressions
    Web 2.0
    Webservices
    Wordpress
    Xhtml

    RSS Feed

Powered by Create your own unique website with customizable templates.