[OWASP_PHPSEC] CSRF prevention and XSS filtering

rahul chaudhary rahul300chaudhary400 at gmail.com
Tue Sep 10 16:19:35 UTC 2013


For XSS, inside the core library, you can see a file called "functions.php"
that contains code to safely output strings. That will prevent XSS as
it uses parameterized methods to output a string.

As for CSRF, that is for version 2.


On Tue, Sep 10, 2013 at 9:16 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> XSS filtering, scanner and core functions.
>
> CSRF prevention, there's a separate project in OWASP.
> -A
> ______________________________________________________________
> *Notice:* This message is *digitally signed*, its *source* and
> *integrity* are verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Sep 9, 2013, at 11:44 PM, Shivam Dixit <shivamd001 at gmail.com> wrote:
>
> Hello Rahul,
>
> Is there any library in PHPSEC for *CSRF prevention and XSS filtering*?
> I am not able to find one. Is it not required?
>
> --
> *Cheers,*
> *Shivam*
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634