XSS is like, rampant dude
Closed this issue · 4 comments
jamjar919 commented
All database inputs should be run through at least striptags(), currently they are not.
jamjar919 commented
jamjar919 commented
Looking at that it seems to implement far more functionality than we need. Will roll own
jamjar919 commented
Even better, htmlspecialchars($var, ENT_QUOTES) does what we need
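The difference between the two functions named in this thread, as an added example that is not part of the issue or the project's code: it renders one constructed value into a single-quoted attribute after `strip_tags()`, after `htmlspecialchars()` with `ENT_COMPAT`, and after `htmlspecialchars()` with `ENT_QUOTES`. The helper name `e()`, the sample value, and the choice to escape when the value is written into HTML are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): escape a value for HTML
// element content or for a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
    // making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a stored value that contains no tags at all,
// only a single quote that would end a single-quoted attribute.
$stored = "x' onmouseover='alert(1)";

$candidates = [
    // strip_tags() removes tags only; there is no tag here, so the
    // value passes through unchanged and the quote survives.
    'strip_tags'                   => strip_tags($stored),
    // ENT_COMPAT encodes " but leaves ' alone.
    'htmlspecialchars ENT_COMPAT'  => htmlspecialchars($stored, ENT_COMPAT, 'UTF-8'),
    // ENT_QUOTES encodes ' as well, so the value stays inside the attribute.
    'htmlspecialchars ENT_QUOTES'  => e($stored),
];

foreach ($candidates as $label => $value) {
    // Report whether a raw single quote is still present, then show the
    // markup that a single-quoted attribute would receive.
    $rawQuote = str_contains($value, "'") ? 'raw quote remains' : 'quote encoded';
    printf("%-28s %-18s <input value='%s'>\n", $label, $rawQuote, $value);
}
```

`str_contains()` requires PHP 8.0 or later; on older versions use `strpos($value, "'") !== false`.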