Collaborate Disseminate
Bad home brew implementations of BB code (especially in PHP) are a common source of XSS vulnerabilities. Usually they rely on a bunch of regexes, a tool that is not fit for the job.
But lo and behold – there is a PHP extens… Continue reading Is the PHP BB code extension safe against XSS?
I am having an issue where people are able to exploit my custom BBCode. I am unsure how to patch this up, and was hoping someone here would help me. In the code below, there is a lot more BBCode in the arrays, but I only have… Continue reading Custom BBCode preg_replace exploit (patch help needed)
I’m trying to make a kind of administratorpanel for my website, so I could e.g. easily add news articles to my website. The problem is that the administrators should be able to use a kind of BBCode, but I need to do this in a… Continue reading Securely interpret BBCode tags in PHP