# %form holds the submitted CGI fields (set up earlier in the script, not shown here)
$form{'TITLE'} =~ s/\</\&lt\;/g;                          # turn every < into the entity &lt;
$form{'TITLE'} =~ s/\>/\&gt\;/g;                          # turn every > into the entity &gt;
$form{'TITLE'} =~ s/[\"\'\}\{\)\(\+]//g;                  # delete the characters " ' } { ) ( +
$form{'TITLE'} =~ s/<!(?:--[\s\S]*?--\s*)?>\s*//g;        # remove <!-- ... --> comments and the space after them
$form{'TITLE'} =~ s/[\~\^]//g;                            # delete ~ and ^
$form{'TITLE'} =~ s/~!/ ~!/g;                             # put a space in front of ~!
$form{'TITLE'} =~ s/<*(javascript)[^>]+>//gi;             # remove "javascript" and everything up to the next >
$form{'TITLE'} =~ s/(<[\s\/]*)(script\b[^>]*>)/$1x$2/gi;  # turn <script ...> or </script ...> into <xscript ...>
$form{'TITLE'} =~ s/<*(iframe)[^>]+>//gi;                 # remove "iframe" and everything up to the next >
$form{'TITLE'} =~ s/<*(script)[^>]+>//gi;                 # remove "script" and everything up to the next >
I know what they (are supposed to) do, and I know what the meaning of some lines, like the ones here, is:
--
$form{'TITLE'} =~ s/\</\&lt\;/g;
$form{'TITLE'} =~ s/\>/\&gt\;/g;
something like:
if a=< then save this as &lt;
if a=> then save this as &gt;
--
but I never found a Webpage anywhere explaining in detail every one of all those "s/[\"\'\}\{\)\(\+]//g;" etc. and their exact functions.
I care very much about security, and if I find some place where I can learn more about this, I would be very happy. I am Swiss, so my script-technical English is rather limited. This may make it a little harder to really understand everything written on the Web, especially when it comes to understanding lines like: s/<!(?:--[\s\S]*?--\s*)?>\s*//g;
Thank you very much for your help.
Ernie
[edited by: phranque at 11:25 pm (utc) on Sep. 19, 2008]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]
$form{'TITLE'} =~ s/[\"\'\}\{\)\(\+]//g;
There is no need for all the backslashes:
$form{'TITLE'} =~ s/["'}{)(+]//g;
What it does is remove all the characters inside the square brackets [] from $form{'TITLE'}. It's better written like so:
$form{'TITLE'} =~ tr/"'}{)(+//d;
When it comes to just removing some characters from a string tr/// is very efficient.
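As an added example (not code from either poster), the whole TITLE clean-up chain from the question is wrapped in one function so each step can be read with its comment, next to the tr///d form of step 3 from the reply and, for comparison, a plain HTML escape that encodes every character with meaning in HTML (including &, which the original chain never touches). The function names, the $form{'TITLE'} stand-in variable and the sample titles are assumptions made for this example; in the real CGI script the value comes from the submitted form.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: the TITLE clean-up chain from the
# question as a function, the tr///d form from the reply, and a plain
# HTML-escape for comparison. Sample titles are constructed below.
use strict;
use warnings;

# The ten substitutions from the question, in their original order.
sub clean_title_original {
    my ($t) = @_;
    $t =~ s/</&lt;/g;                               # 1: < becomes &lt;
    $t =~ s/>/&gt;/g;                               # 2: > becomes &gt;
    $t =~ s/["'}{)(+]//g;                           # 3: delete " ' } { ) ( +
    $t =~ s/<!(?:--[\s\S]*?--\s*)?>\s*//g;          # 4: strip <!-- ... --> and trailing space
    $t =~ s/[~^]//g;                                # 5: delete ~ and ^
    $t =~ s/~!/ ~!/g;                               # 6: never matches: step 5 removed every ~
    $t =~ s/<*(javascript)[^>]+>//gi;               # 7: "javascript" up to the next >
    $t =~ s/(<[\s\/]*)(script\b[^>]*>)/${1}x$2/gi;  # 8: <script ...> becomes <xscript ...>
    $t =~ s/<*(iframe)[^>]+>//gi;                   # 9: "iframe" up to the next >
    $t =~ s/<*(script)[^>]+>//gi;                   # 10: "script" up to the next >
    # Steps 4 and 7-10 all need a raw < or >, but steps 1-2 have already
    # turned every one into an entity, so in this order they never fire.
    return $t;
}

# Step 3 rewritten with tr///d, as the reply suggests: same result, no regex engine.
sub strip_punct_tr {
    my ($t) = @_;
    $t =~ tr/"'}{)(+//d;
    return $t;
}

# What an HTML template normally wants instead: escape every character that
# has meaning in HTML, including &, and leave everything else as typed.
sub html_escape {
    my ($t) = @_;
    $t =~ s/&/&amp;/g;      # & first, or the entities added below would be double-encoded
    $t =~ s/</&lt;/g;
    $t =~ s/>/&gt;/g;
    $t =~ s/"/&quot;/g;
    $t =~ s/'/&#39;/g;
    return $t;
}

# Constructed sample titles: ordinary text, an HTML comment, a tag, and a
# title that already contains an entity.
my @samples = (
    q{Rock 'n' Roll (Live)},
    q{Title <!-- hidden --> here},
    q{<b>Bold</b> and <script>x()</script>},
    q{Tom &amp; Jerry},
);

for my $title (@samples) {
    printf "%-40s original: %s\n", $title, clean_title_original($title);
    printf "%-40s tr///d  : %s\n", '',     strip_punct_tr($title);
    printf "%-40s escaped : %s\n", '',     html_escape($title);
}
```

Run it and compare the three columns. The comment in the second sample is not removed by step 4 but comes out as "&lt;!-- hidden --&gt;", because steps 1 and 2 have already encoded the angle brackets before step 4 runs; the browser then shows the comment as literal text, which is still harmless, just not what step 4 was written for. The same applies to the script tag in the third sample: it is neutralised by the entity encoding of steps 1 and 2 alone. The fourth sample passes through the original chain unchanged, since nothing in it handles &, whereas html_escape turns it into "Tom &amp;amp; Jerry" so the page displays exactly what was typed.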
Now this is what I was looking for! I am sure I will find a lot of answers and even more input to make my thing even more secure than it is already.
Great place here. Great people. Thank you!
Ernie
[edited by: phranque at 5:55 am (utc) on Sep. 21, 2008]
[edit reason] cleaning up [/edit]