After reading this article I don't have a clear answer:
http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/
Will browsers interpret text/html
It is possible to inject data in this way, but it is important to note that it is also possible to inject data in the binary data of images themselves. Either way nothing is 100% safe. EVER. If you are using the CodeIgniter framework, you can very solidly protect yourself from this with
$this->security->xss_clean()
Other than that, you could build your own version of such a script that just removes dangerous things with regex. Remember to be concerned about different character encodings when building such a script.
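
A regex that removes "dangerous things" has to anticipate every spelling of them, so a hand-built filter for URL attributes is usually safer as a scheme allowlist with the encoding checked first. The PHP sketch below is an added example, not part of the original answer and not CodeIgniter's code; the function name `safe_url_attr` and the sample inputs are constructed, and it assumes UTF-8 pages and the mbstring extension.

```php
<?php
// Added example (not from the original post); names and samples are constructed.

/**
 * Return an HTML-escaped URL for an href/src attribute, or null if the
 * value must be dropped. Assumes the page is served as UTF-8.
 */
function safe_url_attr(string $url, array $allowed = ['http', 'https', 'mailto']): ?string
{
    // Encoding first: reject bytes that are not valid UTF-8 instead of guessing.
    if (!mb_check_encoding($url, 'UTF-8')) {
        return null;
    }

    // Browsers ignore tabs and newlines inside a URL and strip leading control
    // characters, which lets a scheme be split up. Legitimate URLs percent-encode
    // these, so any raw control character or space is grounds for rejection.
    if (preg_match('/[\x00-\x20\x7F]/', $url) === 1) {
        return null;
    }

    // A scheme is present when ':' appears before any of '/', '?' or '#'.
    $end = strcspn($url, ':/?#');
    if ($end < strlen($url) && $url[$end] === ':') {
        $scheme = strtolower(substr($url, 0, $end));
        if (!in_array($scheme, $allowed, true)) {
            return null; // data:, javascript: and every scheme not listed
        }
    }

    // Escape for the attribute context with an explicit charset.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'https://example.test/a?b=1&c=2', // allowed scheme, '&' gets escaped
    '/images/logo.png',               // relative URL, no scheme
    'data:text/html,hello',           // scheme not on the allowlist
    'JaVaScRiPt:void(0)',             // mixed case, not on the allowlist
    "java\tscript:void(0)",           // tab inside the scheme
    "https://example.test/\xFF",      // invalid UTF-8 byte
];
foreach ($samples as $s) {
    $out = safe_url_attr($s);
    printf("%-34s => %s\n", addcslashes($s, "\0..\37\177..\377"), $out ?? 'REJECTED');
}
```

Only the first two samples are returned (the first with `&` escaped as `&amp;`); the other four are rejected.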