Well it does, but just not in the way I was expecting. It removes all html that it considers dangerous. However it will let some html elements through. When I ran my simple login script using a web vulnerability scanner, it returned cross site scripting (XSS) vulnerabilities that I was not expecting. If you are not accepting any html in your input […]