Yii Framwork CmsInput Improper XSS Filter

Yii framework CmsInput extension 1 improper XSS sanitation + Discovered by: Jos Wetzels + Affects: Yii framework CmsInput extension xssClean$this-stripTags$str; What happens is that stripTags is called on the user-supplied input before xssClean is called. stripTags is designed to eliminate all...