
JavaScript sanitize?



Hello XF,

Here is my problem: I sanitize my inputs using the ->filter() method of the XenForo framework.

I fetch my vars (sanitized) from my DB and show them on a page. But when I trigger an event with JavaScript on these texts, if one of them has the "<script>alert("XSS");</script>" text (as an example, of course), it's popping up the alert!

What have I done wrong? How do I sanitize my JavaScript text?