telicgroup, Posted April 20, 2010

Hi, My recent project got infected through Cross Site Scripting, in spite of doing server side validation. Can anyone let me know what else needs to be done to make sure cross site scripting is completely avoided in all the input fields? Thanks in Advance

Sergey Popov, Posted April 20, 2010

You need to encode any information collected via form, before outputting it on your website pages (OR before saving input data into database). Use htmlspecialchars() function.

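An added example, not part of the original post: output encoding with htmlspecialchars() applied at the point where form data is written into the page. The helper names e() and render_comment() and the sample inputs are constructed for illustration.

```php
<?php
// Added example: e(), render_comment() and the sample inputs are constructed.

/** Encode a value for HTML element content or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' (before PHP 8.1 the default flag,
    // ENT_COMPAT, left single quotes untouched).
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning
    // an empty string. The charset is stated explicitly rather than relying
    // on the default_charset ini setting.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one comment; every dynamic value is encoded and attributes are quoted. */
function render_comment(string $author, string $body): string
{
    return "<div class='comment' title='" . e($author) . "'>"
         . e($body)
         . "</div>";
}

// Constructed form input: markup in the body, a single quote in the author field.
$body   = '<script>alert(1)</script>';
$author = "x' onmouseover='alert(1)";

// Hardened output: the markup is displayed as text and the attribute stays closed.
echo render_comment($author, $body), PHP_EOL;

// Weak variant for comparison: ENT_COMPAT does not encode the single quote,
// so a single-quoted attribute is still terminated by the input.
echo "<div title='" . htmlspecialchars($author, ENT_COMPAT, 'UTF-8') . "'>", PHP_EOL;

// Server-side validation is a separate step: it decides whether a value is
// acceptable, it does not make the value safe to print. Example check:
$age = filter_var('42', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
if ($age === false) {
    http_response_code(400);
    exit('Invalid age');
}
echo 'Age: ', e((string) $age), PHP_EOL;
```

htmlspecialchars() covers HTML element content and quoted attribute values only; values written into JavaScript, URLs or CSS need encoding specific to that context.
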
Adam, Posted April 20, 2010

Good cheat sheet for XSS: http://ha.ckers.org/xss.html

oni-kun, Posted April 20, 2010

I heavily agree with MrAdam.

"in spite of doing server side validation."

Maybe you should make it a little more serverside.