Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What security should be used to avoid XSS (Cross site scripting) in php ?

user-image
Question ajoutée par Mohammed Salim Qureshi , Senior Developer & Team Lead , Clouding Systems
Date de publication: 2016/11/06
Adel Ezat Fawzy Ellozy
par Adel Ezat Fawzy Ellozy , Webdeveloper. , Saudi Arabian Maritiem Sports Federation

The idea of xss is that a hacker can inject their own custom JavaScript into a webpage. It's used to trick users into running their custom JavaScript code. And they also used to steal cookies. And if they steal cookies they can steal the cookies data as well as potentially session data, which has been linked with a cookie.

The main way is sanitizing any dynamic text that gets output to the browser. Make sure that it's safe. Turn it into something that's harmless before you put it on the page. So that means your HTML, your JavaScript, JSON, XML, anything else that you output. You want to make sure that it gets rendered harmless, especially data that comes from URL or forms.

Use the htmlspecialchars( ) function to convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities so any script tag rendered harmless .

abdul rahman Mohammed
par abdul rahman Mohammed , Sr. Information Security Engineer , INNOVATIVE SOLUTIONS

You can deploy as web application firewall to secure your web services 

More Questions Like This