Taint &reftitle.intro; Taint is an extension, which is used for detecting XSS codes(tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc. When taint is enabled, if you pass a tainted string (comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that. ]]> &example.outputs.similar; &reference.taint.setup; &reference.taint.detail; &reference.taint.reference;