PHP Cross Reference of phpBB-3.3.14-deutsch

/vendor/s9e/text-formatter/src/Configurator/Helpers/ -> ContextSafeness.php (summary)

(no description)

Copyright: Copyright (c) 2010-2022 The s9e authors
License: http://www.opensource.org/licenses/mit-license.php The MIT License
File Size: 62 lines (2 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 3 functions

  getDisallowedCharactersAsURL()
  getDisallowedCharactersInCSS()
  getDisallowedCharactersInJS()

Functions
Functions that are not part of a class:

getDisallowedCharactersAsURL()
Get the list of UTF-8 characters that are disallowed as a URL

":" is disallowed to prevent the URL from having a scheme.

return: string[]

getDisallowedCharactersInCSS()
Get the list of UTF-8 characters that are disallowed in CSS

- "(" and ")" are disallowed to prevent executing CSS functions or proprietary extensions that
may execute JavaScript.
- ":" is disallowed to prevent setting extra CSS properties as well as possibly misusing the
url() function with javascript: URIs.
- "\", '"' and "'" are disallowed to prevent breaking out of or interfering with strings.
- ";", "{" and "}" are disallowed to prevent breaking out of a declaration.

return: string[]

getDisallowedCharactersInJS()
Get the list of UTF-8 characters that are disallowed in JS

Allowing *any* input inside of a JavaScript context is a risky proposition. The use cases are
also pretty rare. This list of disallowed characters attempts to block any character that is
potentially unsafe either inside or outside of a string.

- "(" and ")" are disallowed to prevent executing functions.
- '"', "'", "\" and "`" are disallowed to prevent breaking out of or interfering with strings.
- "\r", "\n", U+2028 and U+2029 are disallowed inside of JavaScript strings.
- ":" and "%" are disallowed to prevent potential exploits that set document.location to a
javascript: URI.
- "=" is disallowed to prevent overwriting existing vars (or constructors, such as Array's) if
the input is used outside of a string.

return: string[]
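
The following is an added example, not code from ContextSafeness.php or the s9e project: it checks constructed sample values against the three per-context lists described above and shows that a value acceptable in one context can be rejected in another. The character lists are transcribed from the descriptions on this page, and the names `DISALLOWED` and `findDisallowed()` are hypothetical.

```php
<?php
// Added example: lists transcribed from the doc comments on this page,
// not copied from ContextSafeness.php. All names here are hypothetical.
const DISALLOWED = [
    'AsURL' => [':'],
    'InCSS' => ['(', ')', ':', '\\', '"', "'", ';', '{', '}'],
    'InJS'  => ['(', ')', '"', "'", '\\', '`', "\r", "\n",
                "\u{2028}", "\u{2029}", ':', '%', '='],
];

/**
 * Return the characters disallowed in $context that occur in $value.
 * A byte-wise search is safe on UTF-8 input: the encoding of one
 * character never appears inside the encoding of another.
 */
function findDisallowed(string $value, string $context): array
{
    if (!array_key_exists($context, DISALLOWED)) {
        throw new InvalidArgumentException("Unknown context: $context");
    }
    $found = [];
    foreach (DISALLOWED[$context] as $char) {
        if (strpos($value, $char) !== false) {
            $found[] = $char;
        }
    }
    return $found;
}

// Constructed sample values, one per failure mode described above.
$samples = [
    'red',                  // plain keyword
    'red;color:blue',       // breaks out of a CSS declaration
    'javascript:void',      // carries a URL scheme
    "line1\u{2028}line2",   // line separator inside a JS string
    'x=1',                  // assignment outside a JS string
];

foreach ($samples as $value) {
    foreach (array_keys(DISALLOWED) as $context) {
        $found = findDisallowed($value, $context);
        // json_encode() makes control and separator characters visible.
        printf("%-24s %-6s %s\n", json_encode($value), $context,
            $found ? 'rejected: ' . json_encode($found) : 'ok');
    }
}
```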



Generated: Mon Nov 25 19:05:08 2024 Cross-referenced by PHPXref 0.7.1