Re: [RFC] Improve HTML escape

From:	Yasuo Ohgaki	Date:	Mon, 03 Feb 2014 22:44:05 +0000
Subject:	Re: [RFC] Improve HTML escape
References:	1 2 3 4 5 6 7 8 9 10	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi all,

On Tue, Feb 4, 2014 at 7:37 AM, Yasuo Ohgaki <[email protected]> wrote:

> On Tue, Feb 4, 2014 at 7:31 AM, Pádraic Brady <[email protected]>wrote:
>
>> While I'm dubious about forward slash escaping myself and think it
>> might have been OWASP veering into overkill,
>>
>
> Yes they are. They are very conservative to security.
> For example, they suggest to escape almost all char by applying
> HEX escape for JavaScript string literals.
>
> It may be too much, but I'm sure it's more secure.
>

If anyone interested in PHP implementation of OWASP suggested JavaScript
string literal escape. This is my blog for it.

http://blog.ohgaki.net/javascript-string-escape

It's written in Japanese. You may recognize PHP code and use google
translate or like if you would like to read content.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (37 messages)

• Yasuo OhgakiSun, 02 Feb 2014 03:09:43 +0000
  • Sara GolemonSun, 02 Feb 2014 03:15:00 +0000
    • Yasuo OhgakiSun, 02 Feb 2014 03:31:19 +0000
      • Sara GolemonSun, 02 Feb 2014 03:35:46 +0000
      • Pavel KouřilSun, 02 Feb 2014 09:38:22 +0000
        • Yasuo OhgakiSun, 02 Feb 2014 09:54:38 +0000
      • Stas MalyshevSun, 02 Feb 2014 10:19:03 +0000
  • Andrea FauldsSun, 02 Feb 2014 03:27:44 +0000
    • Yasuo OhgakiSun, 02 Feb 2014 03:33:37 +0000
      • Stas MalyshevSun, 02 Feb 2014 10:21:31 +0000
        • Rouven WeßlingSun, 02 Feb 2014 11:08:22 +0000
          • Pádraic BradySun, 02 Feb 2014 13:55:32 +0000
            • Rouven WeßlingSun, 02 Feb 2014 22:55:21 +0000
        • Yasuo OhgakiMon, 03 Feb 2014 01:43:48 +0000
          • Yasuo OhgakiMon, 03 Feb 2014 05:33:55 +0000
          • Stas MalyshevMon, 03 Feb 2014 08:17:58 +0000
            • Pádraic BradyMon, 03 Feb 2014 11:06:22 +0000
              • Yasuo OhgakiMon, 03 Feb 2014 22:15:31 +0000
                • Stas MalyshevMon, 03 Feb 2014 22:21:08 +0000
                  • Yasuo OhgakiMon, 03 Feb 2014 22:26:47 +0000
                    • Rowan CollinsTue, 04 Feb 2014 14:53:28 +0000
                      • Pádraic BradyTue, 04 Feb 2014 15:15:45 +0000
            • Yasuo OhgakiMon, 03 Feb 2014 22:04:07 +0000
              • Stas MalyshevMon, 03 Feb 2014 22:14:27 +0000
                • Yasuo OhgakiMon, 03 Feb 2014 22:21:45 +0000
                  • Stas MalyshevMon, 03 Feb 2014 22:24:22 +0000
                    • Yasuo OhgakiMon, 03 Feb 2014 22:31:16 +0000
                      • Lester CaineMon, 03 Feb 2014 23:22:01 +0000
                        • Pádraic BradyTue, 04 Feb 2014 00:20:19 +0000
                        • Yasuo OhgakiTue, 04 Feb 2014 05:46:35 +0000
                • Pádraic BradyMon, 03 Feb 2014 22:31:14 +0000
                  • Yasuo OhgakiMon, 03 Feb 2014 22:37:49 +0000
                    • Yasuo OhgakiMon, 03 Feb 2014 22:44:05 +0000
  • Andrea FauldsTue, 04 Feb 2014 15:57:29 +0000
    • Pádraic BradyTue, 04 Feb 2014 21:22:26 +0000
      • Yasuo OhgakiWed, 05 Feb 2014 02:10:39 +0000
        • Pádraic BradyWed, 05 Feb 2014 10:54:07 +0000