telicgroup Posted April 20, 2010
Hi, My recent project got infected through Cross Site Scripting, in spite of doing server side validation. Can anyone let me know what else needs to be done to make sure cross site scripting is completely avoided in all the input fields? Thanks in advance

Sergey Popov Posted April 20, 2010
You need to encode any information collected via form, before outputting it on your website pages (OR before saving input data into database). Use htmlspecialchars() function.

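Added example, not part of the original thread: the htmlspecialchars() encoding suggested above, applied at output time in three contexts (element text, a quoted attribute, a link target). The helper names e() and safe_href() and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
// ENT_QUOTES also encodes single quotes, which the default flags before
// PHP 8.1 left untouched; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: htmlspecialchars() does not neutralise a javascript:
// URL, so a link target is checked against an allow-list of schemes first.
// Relative and malformed URLs have no usable scheme and are also rejected.
function safe_href(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return e($url);
}

// Constructed sample input standing in for submitted form fields.
$comment = '<script>alert(1)</script>';
$name    = "x' onmouseover='alert(1)";
$website = 'javascript:alert(1)';

// Without encoding, echo "<p>$comment</p>" would emit the tag as live markup.
// Element text: angle brackets become entities, so the tag is shown as text.
echo "<p>", e($comment), "</p>\n";

// Single-quoted attribute: the quote in $name is encoded and cannot close
// the value attribute.
echo "<input type='text' name='name' value='", e($name), "'>\n";

// Link target: the scheme check runs before encoding.
echo '<a href="', safe_href($website), '">homepage</a>', "\n";
```

Values placed inside a script block, a style block or an unquoted attribute need different handling; htmlspecialchars() covers only the HTML text and quoted-attribute contexts shown here.
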
Adam Posted April 20, 2010
Good cheat sheet for XSS: http://ha.ckers.org/xss.html

oni-kun Posted April 20, 2010
I heavily agree with MrAdam.
"in spite of doing server side validation."
Maybe you should make it a little more serverside.

This topic is now archived and is closed to further replies.