Sorry if it sounds like I made that assumption -- I guess my question was a little too broad and the title a bit sensational.
To focus my question a little further, I pointed out that in the Sanitize->html function, a simple find and replace was done on certain characters. My (very basic) understanding of XSS attacks is that they will often evade filters by using certain characters that can be expressed with patterns not caught by the filter, but when rendered, are considered the same. To say that cleanArray is the end-all solution to XSS attacks is silly, I agree :) I'm more interested in the particular issue I pointed out -- using characters not caught by the regular expression in Sanitize->html -- and whether or not such an attack would be foiled by cleanArray. My feeling is that it would not, but I don't know enough about XSS attacks to craft one that would use these other characters. Thanks for the response Sam.