[ViP] cross-site scripting (XSS) attacks
When data comes from external sources like a form filled in by anonymous users, there is a risk that it may contain malicious script intended to launch cross-site scripting (XSS) attacks. Therefore, you must escape this data using the PHP htmlspecialchars() function before displaying it in the browser, so that any HTML tag it contains becomes harmless.
For example, after escaping special characters the string <script>alert("XSS")</script> becomes &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; which is not executed by the browser.
Last edited by BamBam0077; 21st October 2021 at 16:05.
Reason: Credits> https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php
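An added example, not part of the original post or the credited tutorial: escaping at output time with htmlspecialchars(), shown for both element content and a quoted attribute value, next to the unescaped form. The helper name e() and the sample input values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (the name e() is an assumption, not from the post):
// escapes a value for HTML element content or a quoted attribute value.
function e(?string $value): string
{
    // ENT_QUOTES escapes both " and ' (before PHP 8.1 the default left ' alone).
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input standing in for values read from a submitted form.
$username = '<script>alert("XSS")</script>';
$comment  = "It's <b>bold</b> & \"quoted\"";

// Unescaped: the raw input is concatenated into the page, so the browser
// would parse it as markup. Built here only for comparison, never echoed.
$unescaped = '<p>Hello, ' . $username . '</p>';

// Escaped: the same input is rendered as visible text.
$escapedBody = '<p>Hello, ' . e($username) . '</p>';

// Attribute context: the value is wrapped in single quotes, which is why
// ENT_QUOTES matters. Without it, the ' in the input would end the attribute.
$escapedAttr = "<input type='text' name='comment' value='" . e($comment) . "'>";

// Store the raw value and escape once, at the point of output.
// Escaping on input and again on output double-encodes (&amp;lt; and so on).
echo $escapedBody, "\n", $escapedAttr, "\n";
```

htmlspecialchars() covers HTML element content and quoted attribute values only; values placed inside a script block, a URL or CSS need the encoding for that context instead.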