XSS Filtering

    We all know this type of attack as XSS (a lot has been written about its types and methods of use), we all know what danger such an attack can cause, and also that you always need to check incoming data for XSS; they write about it everywhere.

    But there is practically no information about exactly what to use to protect oneself and how.

    I’m a web developer who created my own CMS, on which I build websites (why did I reinvent the wheel? That is not the topic of this discussion). Having done a detailed analysis, I realized that the protection was frankly weak and tried to find a solution to the problem. I found a large, detailed collection of possible XSS attack variants; these will be the test attacks that should be filtered.

    As a result of searching and testing, I determined for myself that only HTML Purifier coped with the task completely. It is a filter library written in PHP with huge configuration options.
    Everything in this library is excellent, except for one point - the library uses 4.2Mb of memory in its work, which, in my opinion, is too much.

    The remaining candidates either failed to cope fully with all the tests, or are so outdated that only dead links to them remain.

    I understand that this filter will rarely run (exclusively to check incoming data from potentially dangerous visitors), but because of my own convictions I try to improve everything as much as possible.

    Perhaps someone has information about a better and more optimized filter?
    It is not a problem if it is written in another language.

    Ideally, a simple and fast function is wanted that can clearly filter XSS attacks.
