iRev Input Validation Libraries

Ralf Bitter rabit at dimensionB.de
Sat Sep 18 16:31:17 EDT 2010


For XSS filtering see the rigXssClean() function
in system/libraries/Input.irev.

Unfortunately revIgniter's implementation for escaping database queries
can not be associated with only one handler you could copy and paste.
This subject is a bit more complex, so please bare with me when I  point you
to entire libraries like system/database/DBactiveRec.irev,
system/database/DBdriver.irev and system/database/drivers/mysql/mysqlDriver.irev.

Cheers

Ralf


On 18.09.2010, at 19:38, Web Admin Himalayan Academy wrote:

> On 9/18/10 3:08 AM, Ralf Bitter wrote:
>> just to clarify:
>> active record database queries are escaped automatically by revIgniter,
>> not by the server engine. Obviously the revIgniter user guide is
>> capable of being misunderstood here. I will change that.
>> 
>> Regarding XSS attacks:
>> revIgniter comes with a Cross Site Scripting Hack prevention filter
>> which can either run automatically to filter all POST and COOKIE data
>> that is encountered, or you can run it on a per item basis.
>> 
>> Cheers
>> 
>> Ralf
> 
> where in the framework can i find that code i.e library files... for now I need to use it outside the revigniter framework (see other memo on that issue.)
> 
> Thanks!
> 
> Skts




More information about the use-livecode mailing list