Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What security should be used to avoid XSS (Cross site scripting) in php ?

user-image
Question added by Mohammed Salim Qureshi , Senior Developer & Team Lead , Clouding Systems
Date Posted: 2016/11/06
Adel Ezat Fawzy Ellozy
by Adel Ezat Fawzy Ellozy , Webdeveloper. , Saudi Arabian Maritiem Sports Federation

The idea of xss is that a hacker can inject their own custom JavaScript into a webpage. It's used to trick users into running their custom JavaScript code. And they also used to steal cookies. And if they steal cookies they can steal the cookies data as well as potentially session data, which has been linked with a cookie.

The main way is sanitizing any dynamic text that gets output to the browser. Make sure that it's safe. Turn it into something that's harmless before you put it on the page. So that means your HTML, your JavaScript, JSON, XML, anything else that you output. You want to make sure that it gets rendered harmless, especially data that comes from URL or forms.

Use the htmlspecialchars( ) function to convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities so any script tag rendered harmless .

abdul rahman Mohammed
by abdul rahman Mohammed , Sr. Information Security Engineer , INNOVATIVE SOLUTIONS

You can deploy as web application firewall to secure your web services 

More Questions Like This