Jump to content

Is it possible to XSS with htmlentities enabled?


PugJr
 Share

Recommended Posts

 

 $postcontent = protection($postcontent); 

 

That being how the content is protected. The function is:

 

 function protection($content){

$content = htmlentities($content);

$content = mysql_real_escape_string($content);

return $content;

} 

 

 

Anything I should do to protection() to make it more secure?

Link to comment
Share on other sites

that was one point, why I asked the OP to be more specific. There might be more trouble. But since you are not willing to provide any information and seem to think this is a quiz show....do not expect any answers. You're on your own.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.