I think given the variety and varying levels of sophistication of XSS attacks (as well as other attacks on a site in this day and age) to assume that one verb or a framework can protect you from them is 'crazy'. Only you can know how your application is vulnerable and what can be done with it.
Can cleanArray help? yes. Can it foil all efforts? don't be silly. Does the framework reduce a sites vulnerablity? yes. Is it perfect? no.
That is why there is the SecurityComponent, the cleanArray, and other functions. It is a battle we all must wage and continue to learn and share methods and practices to solve. cleanArray would only address a small fraction of the possible ways to 'break' into your app.
Humbly
Sam D
On 8/1/06, Eric Farraro <[EMAIL PROTECTED]> wrote:
Surely someone must know a bit about XSS vulnerabilities! :)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~----------~----~----~----~------~----~------~--~---
- Re: Will Sanitize->cleanArray protect a... Eric Farraro
- Re: Will Sanitize->cleanArray prot... Samuel DeVore
- Re: Will Sanitize->cleanArray ... Eric Farraro
- Re: Will Sanitize->cleanAr... John David Anderson (_psychic_)
- Re: Will Sanitize->cle... Eric Farraro
- Re: Will Sanitize-&g... Eric Farraro