Preventing non-persistent XSS attacks
#1

(This post was last modified: 09-23-2021, 01:09 AM by jhob. Edit Reason: added additional steps taken to resolve. )

I have a CI3 application that is vulnerable to non-persistent XSS attacks. 

I'm struggling to work out how I can prevent these, this sort of thing works on any URL that accepts querystring input:

Code:
https://mywebsite.com/search/?search='><svg/onload=confirm(/hacked/)>

I've tried this in the controller method:

PHP Code:
foreach ($_GET as $key => $param) {
    // Encode quotes and angle brackets in every query-string parameter
    $_GET[$key] = htmlentities($param, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

But that doesn't work as I think it's executed too late and is only really dealing with the query-string params in the execution of the PHP code, not at the front end where it's getting executed.

I'm sure there must be an easy way to prevent this sort of attack but I can't for the life of me work out how.

TIA!
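The behaviour described in the post comes down to where the escaping happens: encoding `$_GET` in the controller does nothing if a view (or inline JavaScript) later echoes the raw request value, and it is the view that decides the HTML context. The following is an added example, not code from the original post or from CodeIgniter; it uses a constructed input equal to the payload in the post and a hypothetical `esc()` helper to show the same value rendered unsafely and safely. In a real CI3 view the project's own `html_escape()` function does the same job as `esc()` here.

```php
<?php
// Added example: escape at the point of output, in the HTML context the value lands in.
// esc() is a hypothetical helper; CI3 ships an equivalent called html_escape().

function esc(string $value): string
{
    // ENT_QUOTES covers both ' and " so the value is safe inside either attribute quote style;
    // ENT_HTML5 + UTF-8 match a modern HTML document.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders the search box with the submitted value put straight into the markup.
function renderUnsafe(string $search): string
{
    return "<input name=\"search\" value='" . $search . "'>";
}

// Renders the same search box but encodes the value as it is inserted into the attribute.
function renderSafe(string $search): string
{
    return '<input name="search" value="' . esc($search) . '">';
}

// Constructed input: the same query-string value as in the post's example URL.
$search = "'><svg/onload=confirm(/hacked/)>";

echo renderUnsafe($search), PHP_EOL;
// <input name="search" value=''><svg/onload=confirm(/hacked/)>'>
// The browser closes the attribute at the injected quote and parses a new <svg> element.

echo renderSafe($search), PHP_EOL;
// <input name="search" value="&#039;&gt;&lt;svg/onload=confirm(/hacked/)&gt;">
// Every quote and angle bracket is encoded, so the browser shows the payload as literal text.
```

Escaping belongs on every output of untrusted data, not on the request array, because the correct encoding depends on the context (HTML body, attribute, URL, JavaScript string). CI3's `$this->input->get('search', TRUE)` applies `xss_clean()`, which is a filter on input; it can be a defence in depth, but it is not a substitute for context-aware escaping in the view.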


Messages In This Thread
Preventing non-persistent XSS attacks - by jhob - 09-23-2021, 12:41 AM


