Preventing non-persistent XSS attacks
#3

(09-23-2021, 01:03 AM)kenjis Wrote: Use html_escape() when you display variable data in HTML.
See https://codeigniter.com/userguide3/helpe...eld-values

It's not re-displaying the querystring data; the issue I have is that the example shows a popup:

[Image: chrome_bVaU9aB6pS.png]

It's the browser that's executing the code, so I'm not sure that doing anything in PHP can prevent that. I'm wondering if it could somehow detect any malicious content and redirect to a 'safe' url.
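An added example, not part of the thread and not CodeIgniter's own code: what the quoted html_escape() advice does to a query-string value that ends up in the HTML response, shown in an element body and in an attribute. It assumes the value is reflected into the page; `escape_html()` (a stand-in for `html_escape()` built on PHP's `htmlspecialchars()`), `render_search()`, `input_became_markup()` and the sample values are hypothetical names and constructed data.

```php
<?php
// Added example. escape_html() is a stand-in for CodeIgniter 3's html_escape()
// so the script runs without the framework.
function escape_html($var)
{
    if (is_array($var)) {
        return array_map('escape_html', $var);
    }
    return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8');
}

// Hypothetical view: reflects the value once as body text and once in an attribute.
function render_search($q, $escape)
{
    $shown = $escape ? escape_html($q) : $q;
    return '<p>Results for: ' . $shown . "</p>\n"
         . '<input type="text" name="q" value="' . $shown . "\">\n";
}

// The template alone has 3 "<" and 6 double quotes; more means input became markup.
function input_became_markup($html)
{
    return substr_count($html, '<') !== 3 || substr_count($html, '"') !== 6;
}

// Constructed sample values standing in for $_GET['q'].
$samples = [
    'plain text'         => 'blue widgets',
    'script element'     => '<script>alert(1)</script>',
    'attribute breakout' => '" onfocus="alert(1)" autofocus="',
];

foreach ($samples as $label => $q) {
    printf(
        "%-20s raw: %-9s escaped: %s\n",
        $label,
        input_became_markup(render_search($q, false)) ? 'MARKUP' : 'text only',
        input_became_markup(render_search($q, true)) ? 'MARKUP' : 'text only'
    );
}

// What the browser receives for the script sample once escaped.
echo render_search($samples['script element'], true);
```

With escaping applied, the browser receives `&lt;`, `&gt;` and `&quot;` entities, which it renders as visible characters instead of parsing them as tags or attribute delimiters.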




