PHPDeveloper.org: Evert Pot's Blog: Preventing XSS in Javascript strings

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

Adam Culp: PHP usage statistics

Michelangelo van Dam: UA Testing with Selenium and PHPUnit

PHP.net: PHP 5.5.0RC2 is available

Community News: Packagist Latest Releases for 05.24.2013

Site News: Popular Posts for the Week of 05.24.2013

Anna Filina: Full Test Coverage is Impractical

ZFort Group: The Battle of the Titans. Zend vs. Symfony

Lorna Mitchell: Simplest PHP Generator Example

Engine Yard: A Conversation About Testing in PHP

Community News: Packagist Latest Releases for 05.23.2013

Evert Pot's Blog:
Preventing XSS in Javascript strings

by Chris Cornutt August 01, 2008 @ 12:04:47

Evert Pot has pointed out a handy tool that can make escaping strings in and out of your application simpler - Reform.

Reform is a tool that does exactly this. Reform allows you to escape your data for a javascript, xml, html or vbscript (yes it still exists) context. It provides libraries for Java, .NET, PHP, Perl, Python, Javascript and ASP. Pretty cool!

The utility is simply included into the application an called via the static methods it adds. His example shows the escaping of some output text in a Javascript string to correctly prevent it from falling into an evil XSS scheme.

0 comments voice your opinion now!
xss javascript string reform owasp static method

blog comments powered by Disqus

Similar Posts

Martynas Jusevicius' Blog: Method overloading in PHP 5

DevShed: Using Static Methods to Validate Data with Helpers in PHP 5

NetTuts.com: 20 All Too Common Coding Pitfalls For Beginners

DevShed: Handling File Data with the Facade Pattern in PHP 5

DevShed: Returning Strings from Views with Code Igniter

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework