Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

XSS prevention in PHP [duplicate]

Tags:

php

xss

Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site

I need to prevent XSS attacks in PHP code, is there nay good and easy library for this?

like image 453
newbie Avatar asked Apr 16 '10 10:04

newbie


People also ask

What is the protection against XSS in PHP?

Using htmlspecialchars() function – The htmlspecialchars() function converts special characters to HTML entities. For a majority of web-apps, we can use this method and this is one of the most popular methods to prevent XSS. This process is also known as HTML Escaping.

Can Csrf be prevented if there is an XSS vulnerability?

If reflected XSS exists in a function that is not backed by a CSRF token, no one can stop it from being vulnerable. The presence of an XSS vulnerability anywhere on the site will allow users to take action even if the function is backed by CSRF token protection. You can't use CSRF tokens to prevent stored XSS threats.

Can XSS worms propagate?

Proliferation: here, the worm will propagate to other website users whosoever visits the infected user's page.


2 Answers

Security is not a product. It's a process.

If you rely on a library for security you're doomed to being attacked one time or another.

Anyway, you could sanitize your inputs with standard php functions (i.e. htmlspecialchars())

like image 184
Federico klez Culloca Avatar answered Oct 04 '22 22:10

Federico klez Culloca


There are lots of PHP functions that can assist you in preventing XSS attacks. Take a look at these:

strip_tags

http://php.net/manual/en/function.strip-tags.php

htmlspecialchars

http://php.net/manual/en/function.htmlspecialchars.php

like image 38
Finbarr Avatar answered Oct 04 '22 20:10

Finbarr