News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Rob Allen's Blog:
Zend Framework 2 beta 4 released
May 28, 2012 @ 19:42:51

As Rob Allen mentions in his latest post, the latest revision of the Zend Framework v2 has been released and is ready for testing - Zend Framework 2 beta4.

Earlier this week, we got beta 4 of Zend Framework 2 out of the door. This version has some very significant improvements in it which mean that if you're following along at home with the betas, then you're going to be doing a bit of updating! Most of the B/C breaks are noted in this thread.

He's also made updates to his Zend Framework 2 tutorial to match these most recent changes. He points out three key new features - the ZendServiceManager, ZendForm and ZendInputFilter updates and the introduction of Composer support to pull packages.

0 comments voice your opinion now!
zendframework2 beta4 release servicemanager form inputfilter composer


Zend Developer Zone:
Avoiding XSS security attacks to sites that use HTML editors
March 27, 2007 @ 10:03:00

In an article from the Zend Developer Zone by Manuel Lemos, there's a look at how to avoid cross-site scripting security attacks on a site that allows users to input information via a HTML editor.

HTML editors are great. However, care must be taken to avoid security abuses. An application that uses HTML editors, expects that the submitted HTML content comes correctly formatted and well-formed. That happens when real users use real browsers to edit the content.

However, an attacker may create a program that pretends to be a real browser and submit specially crafted HTML with Javascript that may open security holes.

Manuel talks a bit about what cross-site scripting means in this context and a simple (Javascript) example of how a user could abuse it. His solution? Parse the incoming data (filter it!) and look for potentially harmful tag types. To do this, he recommends the PHP Input Filter class. There's even a simple example of how to use it included in the post.

0 comments voice your opinion now!
crosssitescripting htmleditor fckeditor xss inputfilter class crosssitescripting htmleditor fckeditor xss inputfilter class



Community Events





Don't see your event here?
Let us know!


interview deployment library tips install release community opinion podcast api series symfony bugfix language introduction voicesoftheelephpant list laravel package framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework