MDCode Posted March 31, 2013 (https://forums.phpfreaks.com/topic/276334-xss/)
I've run into a tough situation with XSS. I was wondering what would be the best way to negate the use of "javascript:action" type attacks. (Ex: javascript:alert(String.fromCharCode(88, 83, 83));) I've heard that there are some ways that browsers can be exploited to the point at which just removing all use of "javascript:" is not enough. What would be the best method of action against this?
MDCode (Author) Posted March 31, 2013
Update: Solved.
requinix Posted March 31, 2013
Not allow arbitrary HTML. BBCode et al. are there specifically for that kind of situation.
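Added example, not part of the thread or any poster's code: one way to apply the BBCode approach from the reply above in PHP, where user text is escaped in full and only a `[url=...]` tag with an allowlisted scheme becomes a link, instead of trying to strip "javascript:" from HTML. The names `safe_href()` and `render_bbcode_urls()`, the `[url]` syntax handled and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example: BBCode [url] rendering with a scheme allowlist.
// safe_href() and render_bbcode_urls() are hypothetical names.
const ALLOWED_SCHEMES = ['http', 'https'];

/** Return the URL if its scheme is on the allowlist, otherwise null. */
function safe_href(string $url): ?string
{
    $url = trim($url);
    // Fail closed on embedded whitespace or control characters, which a
    // browser may ignore when it works out the scheme.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return null; // no scheme, or one that is not http/https
    }
    return $url;
}

function render_bbcode_urls(string $text): string
{
    // Escape everything first so no user-supplied markup survives.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return preg_replace_callback(
        '/\[url=(.*?)\](.*?)\[\/url\]/s',
        function (array $m): string {
            // The URL was escaped above; decode it to validate the real value.
            $href = safe_href(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($href === null) {
                return $m[2]; // drop the link, keep the already-escaped label
            }
            return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
                 . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    ) ?? $escaped;
}

// Constructed sample input; the second item reuses the first post's example.
$samples = [
    '[url=https://example.com/?a=1&b=2]a normal link[/url]',
    '[url=javascript:alert(String.fromCharCode(88, 83, 83));]click[/url]',
    '<a href="https://example.com/">raw HTML is shown as text</a>',
];
foreach ($samples as $s) {
    echo render_bbcode_urls($s), "\n";
}
```

Because the check is an allowlist, a scheme written with different casing, embedded whitespace or an unexpected name is rejected without having to be anticipated.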
Jessica Posted March 31, 2013
Thanks for sharing your solution so others can learn.
Archived
This topic is now archived and is closed to further replies.