MDCode Posted March 31, 2013 Share Posted March 31, 2013 I've run into a tough situation with XSS. I was wondering what would be the best way to negate the use of "javascript:action" type attacks. ( Ex: javascript:alert(String.fromCharCode(88 83 83)); ) I've heard that there are some ways that browsers can be exploited to the point of which just removing all use of "javascript:" is not enough. What would be the best method of action against this? Quote Link to comment https://forums.phpfreaks.com/topic/276334-xss/ Share on other sites More sharing options...
Solution MDCode Posted March 31, 2013 Author Solution Share Posted March 31, 2013 Update: Solved. Quote Link to comment https://forums.phpfreaks.com/topic/276334-xss/#findComment-1422031 Share on other sites More sharing options...
requinix Posted March 31, 2013 Share Posted March 31, 2013 Not allow arbitrary HTML. BBCode et al. are there specifically for that kind of situation. Quote Link to comment https://forums.phpfreaks.com/topic/276334-xss/#findComment-1422032 Share on other sites More sharing options...
Jessica Posted March 31, 2013 Share Posted March 31, 2013 Thanks for sharing your solution so others can learn. Quote Link to comment https://forums.phpfreaks.com/topic/276334-xss/#findComment-1422135 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.