Bravo List

BamBam0077 21st October 2021 16:04

[ViP] cross-site scripting (XSS) attacks
 
When data comes from external sources, such as data filled in by anonymous users, there is a risk that it may contain malicious script intended to launch cross-site scripting (XSS) attacks. Therefore, you must escape this data using the PHP htmlspecialchars() function before displaying it in the browser, so that any tag it contains becomes harmless.

For example, after escaping special characters the string becomes &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;, which is not executed by the browser.
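The escaping described in the post, as an added example that is not part of the original post: it escapes untrusted values at output time for both element text and a quoted attribute. The helper names e() and renderComment() and the sample comments are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): htmlspecialchars() with explicit flags.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the result is also safe inside a
    // quoted attribute value. ENT_SUBSTITUTE replaces invalid UTF-8 byte
    // sequences with U+FFFD instead of returning an empty string.
    // The charset is passed explicitly so it matches the page encoding.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical renderer: every untrusted value is escaped exactly once,
// at the point where it is written into HTML, never when it is stored.
function renderComment(array $comment): string
{
    return sprintf(
        '<li title="%s"><b>%s</b>: %s</li>',
        e($comment['body']),    // quoted attribute context
        e($comment['author']),  // element text context
        e($comment['body'])     // element text context
    );
}

// Constructed sample input standing in for data filled in by anonymous users.
$comments = [
    ['author' => 'alice', 'body' => 'Nice tutorial!'],
    ['author' => '<script>alert("XSS")</script>', 'body' => 'He said "hi" & left \'early\''],
    ['author' => 'bob', 'body' => "invalid \xC3\x28 bytes"],
];

echo "<ul>\n";
foreach ($comments as $comment) {
    echo '  ', renderComment($comment), "\n";
}
echo "</ul>\n";

// Scope of this defence: htmlspecialchars() covers HTML element text and
// quoted attribute values only. Values written into <script> blocks, inline
// event handlers, URLs (href/src) or unquoted attributes need encoding or
// validation specific to that context.
```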


All times are GMT +2.