besly98 Posted June 23, 2009 Share Posted June 23, 2009 Hi All, I have been searching for hours for a decent tutorial on how to prevent xss attacks. does anyone know any? im slightly confused by the amount i have read on exactly what im lookign for, if i can just get away with convirting all the tags using htmlspecialchars or strip_tags. can anyone help? Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/ Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 Have a read through this... http://www.phpfreaks.com/tutorial/php-security Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861815 Share on other sites More sharing options...
AviNahum Posted June 23, 2009 Share Posted June 23, 2009 the basic protection its block html an javascript tags.... $txt = htmlspecialchars("$_POST['name']", ENT_QUOTES); its simply protects you from things like JS alert... Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861830 Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 If you read that tutorial you'll see how sometimes that doesn't protect you. Besides that not all input can be treated the same.. In certain circumstances you will need different filters to reflect what you're doing with the data. Link to comment https://forums.phpfreaks.com/topic/163344-php-xss-atacks/#findComment-861855 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.