random1 Posted February 23, 2008

Hi All,

I've got the following code for XSS and JS Injection filtering:

```php
/**
 * Validator::filterJavascriptInjection()
 * Filters a string to prevent Javascript Injection attacks.
 * @param mixed $data
 * @return $outputdata
 */
function filterJavascriptInjection($data)
{
    // Source: http://www.avengex.com/tutorials/115/Preventing_XSS/
    return $outputdata = preg_replace("#<script#is","<//script",$data);
}

/**
 * Validator::filterJavascriptInjection()
 * Filters a string to prevent Cross-site Scripting (XSS) attacks.
 * @param mixed $data
 * @return $outputdata
 */
function filterXSS($data)
{
    // Source: http://www.avengex.com/tutorials/103/Simple_but_effective_user_input_securing/
    $outputdata = htmlspecialchars($data); //$input will now contain the ascii equivalents to all html chars like <
    $outputdata = addslashes($outputdata); //this will add slashes to negate the effect of an sql injection
    $outputdata = stripslashes($outputdata); //this now removes all the funny slashes. BUT the code is still safe for a browser
    return $outputdata;
}
```

This doesn't seem to be working properly. Also how do I protect my app against SQL Injection?

drisate Posted February 23, 2008

You can find a solution in this topic: http://www.phpfreaks.com/forums/index.php/topic,183741.0.html

Hey Barand, you should sticky a version of that code roopurt18 did lol (gonna ask again and again lol)
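
Added example, not part of the original posts: it runs the `filterJavascriptInjection()` function from the first post on a constructed input, shows that the `addslashes()`/`stripslashes()` pair in `filterXSS()` cancels out, and sets both beside encoding at output time and a bound SQL parameter. `escapeHtml()`, the `users` table and all sample values are hypothetical, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example; not code from the thread. All sample values are constructed.

// The blacklist filter from the first post, reproduced for comparison.
function filterJavascriptInjection($data) {
    return preg_replace("#<script#is", "<//script", $data);
}

// Output encoding for an HTML body or quoted-attribute context.
// ENT_QUOTES also encodes single quotes; the charset must match the page.
function escapeHtml($data) {
    return htmlspecialchars((string) $data, ENT_QUOTES, 'UTF-8');
}

// Constructed input: markup with an event handler and no script tag.
$input = '<img src=x onerror="alert(1)">';

// 1. The blacklist only rewrites "<script", so this input comes back unchanged.
var_dump(filterJavascriptInjection($input) === $input);

// 2. addslashes() followed by stripslashes() returns the original string,
//    so that pair adds no protection against SQL injection.
$name = "O'Brien";
var_dump(stripslashes(addslashes($name)) === $name);

// 3. Encoding at output time turns the markup into inert text.
echo escapeHtml($input), "\n";

// 4. SQL: keep the raw value and bind it as a parameter. The in-memory
//    SQLite database and the users table are assumptions for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => $name]);
$insert->execute([':name' => "x' OR '1'='1"]); // stored as data, not parsed as SQL

// The bound value is compared literally, so only the exact match is returned.
$select = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
$select->execute([':name' => "x' OR '1'='1"]);
$rows = $select->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows));

// Stored values are encoded only when they are written into HTML.
foreach ($rows as $row) {
    echo '<li>', escapeHtml($row['name']), "</li>\n";
}
```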