Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site
I need to prevent XSS attacks in PHP code, is there nay good and easy library for this?
Using htmlspecialchars() function – The htmlspecialchars() function converts special characters to HTML entities. For a majority of web-apps, we can use this method and this is one of the most popular methods to prevent XSS. This process is also known as HTML Escaping.
If reflected XSS exists in a function that is not backed by a CSRF token, no one can stop it from being vulnerable. The presence of an XSS vulnerability anywhere on the site will allow users to take action even if the function is backed by CSRF token protection. You can't use CSRF tokens to prevent stored XSS threats.
Proliferation: here, the worm will propagate to other website users whosoever visits the infected user's page.
Security is not a product. It's a process.
If you rely on a library for security you're doomed to being attacked one time or another.
Anyway, you could sanitize your inputs with standard php functions (i.e. htmlspecialchars()
)
There are lots of PHP functions that can assist you in preventing XSS attacks. Take a look at these:
strip_tags
http://php.net/manual/en/function.strip-tags.php
htmlspecialchars
http://php.net/manual/en/function.htmlspecialchars.php
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With