The JetScripts Data Sanitizer and XSS Cleaner prevents SQL-injection attacks and Cross-Site Scripting exploits by cleaning or 'sanitizing' user-submitted data. It's a must for any website that accepts user input, such as blogs, bulletin boards, and contact forms. This tool is intended for users who write or modify scripts, or who want an extra measure of protection against malicious users, hackers, and spambots. It is not intended for the casual user or those without at least some minimal knowledge of the PHP scripting language.The Sanitizer can operate in several different cleaning modes: * Numeric only: Screens out everything except numeric data. Only the numbers 0 through 9 are allowed to pass, plus the space, period, and '-' characters. * Alphabetic Only: Screens out everything except the letters A through Z (upper and lower case), plus spaces and the underscore character '_'. HTML-style brackets are not passed. * Alphanumeric Only: Screens out everything except alphanumeric characters, numbers, space characters, underscores, periods, colons, and dashes. * Alphanumeric with Punctuation: Similar to the above mode, but relaxes screening for most punctuation characters. * Email Validation mode: Allows only characters legal for use in email addresses: 0-9, a-z, A-Z, @ _ \ - \ .. HTML-style brackets are not passed. In each of the above modes other common exploit command entities are removed, such as: 'alert', 'cmd', 'passthru', 'eval', 'exec', 'system', 'fopen', 'fsockopen', 'file', 'file_get_contents', 'readfile', and 'unlink'. Also removed are dozens of Javascript-specific exploit entities.The Sanitizer also perform a number of data transforms to ensure that malicious input isn't obfuscated and passed in. Entities like 'j a v a s c r i p t', 'vbscript', 'script', 'alert', 'document', 'write' and others are stripped of spaces and compacted back to their original forms for detection and removal.Obfucated and escaped strings are converted and scanned, as well as UTF16 data, null characters, octal characters, cookie commands, and many other potentially malicious data strings.Stop relying on ineffective measures like 'mysql_real_escape()', 'strip_tags()', 'magic_quotes()' or other ineffective methods for cleaning and securing user-supplied data. None of those methods will stop even a slightly motivated hacker or script-kiddie.The number and creativity of SQL-injection attacks and Cross-Site Scripting exploits increases every day- isn't it about time you started using some industrial-strength measures to keep them off your site and out of your server?
