raine

<script> tags and other URL encoded variants of it are often injected into URL POST/GET parameters to perform XSS attacks on a website. So I'm trying to come up with some counter measures.

Oh, no no. My code is all in the <? php ?> tag. What I meant was I was basically tampering with my own parameters in the URL. For example, I typed http://<hostname>/page.php?param=<script> and the server gave me a 406. Actually, the string '<script' is already enough to cause the 406. I can't see how my code is giving me a 406 so I thought it might be the server's problem. Just wanted to see what others think and to see if there is a solution.

I just started learning about regular expresions and was testing what I wrote to see if it was checking my parameters properly and ran into this problem. When I enter <script> as the parameter to pass, the server sends me a 406, saying that the data is not acceptible. I was wondering if this is by design, or if there is a fix for it. Thanks