XSS Cross Site Scripting prevention on input forms

My agency tests all input forms on our web sites for XSS and tries to prevent it as much as possible.

They would like to prevent cross site scripting on the text input fields for the registration forms (for at least the basic fields of Name, Address, City, State, and Comments). We are willing to modify the necessary module(s) so whenever < and/or > are entered in the fields, they are replaced with &lt; and &gt;, respectively.

Could you please supply me with the locations of the files that handle the input to add this code for this ability? We are willing to send you a finished copy for your own records or upgrade in the future.

Thank you.

Hi Judy

The files are located under components/com_eventbooking/views/register/tmpl

and components/com_eventbooking/views/confirmation/tmpl folder

Hope this give you alitle help !

Tuan

Update: During testing the new version 1.6.6 - it is stripping out any script from the input fields. So this is no longer a problem. It does leave any html tags and our security unit seems to be OK with that.

OK Judy. Thanks for confirming (and sharing the information). We use Joomla core API for filtering input data, so I believe it should work well.

Regards,

Tuan