pcman Posted December 2, 2007

Hi, how can I block XSS? But I want to show the tags, like this: if the user writes "<html>", it is displayed. Thanks.
helraizer Posted December 2, 2007

For instance

    $mes = htmlspecialchars($_POST['message']);
    echo htmlspecialchars_decode($mes);

Broken down:

Line 1: grabs the user's message, and if it contains the characters <html> it will return it as &lt;html&gt;

Line 2: takes the user's message "<html>", decodes the HTML special characters (hence the function name) and will return the message "<html>" without them being able to inject HTML, therefore you are virtually invulnerable to that type of XSS.
pcman Posted December 2, 2007

Thanks dude
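
What the two calls in the reply above do to a message, next to escaping once at the point of output, as an added example that is not part of the original thread. The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: function names and sample inputs are constructed, not from the thread.

// The pattern from the reply: escape the message, then decode it before output.
function render_roundtrip(string $input): string
{
    $mes = htmlspecialchars($input);
    return htmlspecialchars_decode($mes);
}

// Escape once, when writing into the HTML page, and never decode afterwards.
function render_escaped(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample messages.
$samples = [
    '<html>',
    '<a href="page.php?a=1&b=2">link</a>',
    "it's plain text",
];

foreach ($samples as $input) {
    $roundtrip = render_roundtrip($input);
    $escaped   = render_escaped($input);

    printf("input:      %s\n", $input);
    // Decoding reverses the escaping, so the browser receives the raw markup.
    printf("round trip: %s [%s]\n", $roundtrip,
        $roundtrip === $input ? 'same bytes as raw input' : 'differs from raw input');
    // This is what should be written into the page.
    printf("escaped:    %s\n", $escaped);
    // Simulates what the browser shows as text after parsing the entities.
    printf("displayed:  %s\n\n", html_entity_decode($escaped, ENT_QUOTES, 'UTF-8'));
}
```

Run it with the PHP CLI: the "round trip" line matches the raw input for every sample, while the "escaped" line is the string that shows the tags as text in a browser.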