I saw a Kohana framework that allows users to optionally use HTMLPurifier for any possible XSS attacks.
I thought that HTMLPurifier was supposed to allow standardized HTML output.
Does it help to avoid XSS attacks 100% or, possibly, to a large extent? Or do you suggest something else?
Thanks
As far as any possible software is concerned, it cannot be perfect, and there is always the risk that someone somewhere will one day find a security hole and use it.
, , " XSS 100%"...
, HTMLPurifier, - .
, , ", " - ; -)