A Bunch of Web Developers in Utah

Braden

  • 04:04:57 pm on May 2, 2008

    We’re building a fancy modularized, templated framework based on Smarty. I’m a firm believer in Filter Input, Escape Output, so I’m working on making Smarty apply htmlentities by default, which seems like the XSS equivalent of SQL prepared statements. Have any of you ever tried an automated approach to XSS protection like this?
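
The escape-by-default idea in the post above, as an added example that is not part of the original post and is not Smarty's code: a minimal PHP renderer (the names `RawHtml` and `render_template` are hypothetical) that entity-encodes every value unless it is explicitly wrapped as trusted HTML. The template and values are constructed sample input.

```php
<?php
// Added illustration; not Smarty and not the framework described in the post.
// Hypothetical names: RawHtml, render_template().

/** Marker for values the developer has explicitly vouched for as safe HTML. */
final class RawHtml
{
    public $html;
    public function __construct($html) { $this->html = (string) $html; }
}

/**
 * Replace {$name} placeholders, escaping every value by default.
 * Only values wrapped in RawHtml bypass escaping, so the unsafe path
 * is the one that has to be written out explicitly.
 */
function render_template($template, array $vars)
{
    return preg_replace_callback(
        '/\{\$([A-Za-z_][A-Za-z0-9_]*)\}/',
        function ($m) use ($vars) {
            if (!array_key_exists($m[1], $vars)) {
                return ''; // unknown placeholder renders as empty
            }
            $value = $vars[$m[1]];
            if ($value instanceof RawHtml) {
                return $value->html; // explicit opt-out of escaping
            }
            // ENT_QUOTES encodes both quote styles, so the value also
            // stays inside a quoted attribute.
            return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Constructed sample input: two hostile values and one trusted fragment.
$template = '<p title="{$title}">Hello {$name}</p>{$footer}';
$vars = array(
    'title'  => '" onmouseover="alert(1)',
    'name'   => '<script>alert(1)</script>',
    'footer' => new RawHtml('<hr>'),
);

echo render_template($template, $vars), "\n";
```

Entity encoding of this kind covers HTML text and quoted attribute values only. Values placed inside script blocks, URLs or CSS need encoding for that context, which a single default modifier cannot supply.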
