Preventing non-persistent XSS attacks
(09-23-2021, 01:03 AM)kenjis Wrote: Use html_escape() when you display variable data in HTML.

It's not re-displaying the querystring data; the issue I have is that the example shows a popup. It's the browser that's executing the code, so I'm not sure that doing anything in PHP can prevent that. I'm wondering if it could somehow detect any malicious content and redirect to a 'safe' URL.
Messages In This Thread
Preventing non-persistent XSS attacks - by jhob - 09-23-2021, 12:41 AM
RE: Preventing non-persistent XSS attacks - by kenjis - 09-23-2021, 01:03 AM
RE: Preventing non-persistent XSS attacks - by jhob - 09-23-2021, 01:24 AM
RE: Preventing non-persistent XSS attacks - by kenjis - 09-23-2021, 05:18 PM