besly98 Posted June 23, 2009 Share Posted June 23, 2009 Hi All, I have been searching for hours for a decent tutorial on how to prevent xss attacks. does anyone know any? im slightly confused by the amount i have read on exactly what im lookign for, if i can just get away with convirting all the tags using htmlspecialchars or strip_tags. can anyone help? Quote Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/ Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 Have a read through this... http://www.phpfreaks.com/tutorial/php-security Quote Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861815 Share on other sites More sharing options...
AviNahum Posted June 23, 2009 Share Posted June 23, 2009 the basic protection its block html an javascript tags.... $txt = htmlspecialchars("$_POST['name']", ENT_QUOTES); its simply protects you from things like JS alert... Quote Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861830 Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 If you read that tutorial you'll see how sometimes that doesn't protect you. Besides that not all input can be treated the same.. In certain circumstances you will need different filters to reflect what you're doing with the data. Quote Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861855 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.