CodeIgniter Forums

Full Version: xss attack
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
when writing " onmouseover=prompt(986271) bad=" in a form text element and the form does not validate,
you get a prompt.

How can I prevent this?

see:
[Image: b2j5jdA.png]

[Image: 556ryBJ.png]
Output the value of the form element either like this:

<input type="text" name="email" value="<?php echo html_escape($email); ?>" />

Or like this

<input type="text" name="email" value="<?php echo set_value('email'); ?>" />

Either method will escape your data for output to the screen.