#1
21st October 2021, 16:04
BamBam0077
[ViP] cross-site scripting (XSS) attacks
When data comes from external sources like </form> filled in by anonymous users, there is a risk that it may contain malicious script intended to launch cross-site scripting (XSS) attacks. Therefore, you must escape this data using the PHP htmlspecialchars() function before displaying it in the browser, so that any </html> tag it contains becomes harmless.

For example, after escaping special characters the string <script>alert("XSS")</script> becomes &lt;script&gt;alert("XSS")&lt;/script&gt; which is not executed by the browser.

Last edited by BamBam0077; 21st October 2021 at 16:05. Reason: Credits> https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php
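
The escaping step described in the post above, as an added example that is not part of the original post or the credited tutorial. The helper name `e()`, the `username` field and the sample values are assumptions made up for illustration; the script escapes each value for element content and for a quoted attribute, then checks that no markup-significant character is left raw.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): escape untrusted text
// before it is placed in HTML element content or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot end a quoted
    // attribute early. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string. The charset is stated
    // explicitly so it always matches the page encoding.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for a submitted form field
// such as $_POST['username'].
$samples = [
    'plain'     => 'alice',
    'tag'       => '<script>alert("XSS")</script>', // string from the post
    'quote'     => "O'Brien",      // a raw ' would end a '...' attribute
    'ampersand' => 'Tom & Jerry',  // & must be encoded as well
];

foreach ($samples as $label => $raw) {
    $safe = e($raw);

    // The same escaped value is used in both output contexts:
    // element content and a single-quoted attribute.
    printf(
        "%-10s <p>%s</p> <input name='username' value='%s'>\n",
        $label,
        $safe,
        $safe
    );

    // Self-check: after escaping, none of < > " ' may remain in raw form.
    if (strpbrk($safe, "<>\"'") !== false) {
        throw new RuntimeException("unescaped character left in: $label");
    }
}
```

Escape at output time, once, and store the raw value; escaping on input and again on output double-encodes the `&` of every entity.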