Preventing XSS injection in querystring

Preventing XSS injection in querystring

jhob
Junior Member
Posts: 35
Threads: 16
Joined: Apr 2015
Reputation: 0

12-19-2017, 06:34 AM

I have a CI3 site that is vulnerable to XSS injection via the querysting:

https://thesite.com/search?q=x'><svG onLoad=alert(document.domain)>

I have all inputs going through

Code:
$this->input->get('q', true)

so it's protected at the server end but still runs when the page is loaded with the malicious querystring.

How can the execution of the javascript be prevented?

Messages In This Thread

Preventing XSS injection in querystring - by jhob - 12-19-2017, 06:34 AM

RE: Preventing XSS injection in querystring - by skunkbad - 12-19-2017, 07:38 AM

RE: Preventing XSS injection in querystring - by jhob - 12-19-2017, 07:51 AM

RE: Preventing XSS injection in querystring - by skunkbad - 12-19-2017, 08:24 AM

RE: Preventing XSS injection in querystring - by Narf - 12-20-2017, 08:58 AM

RE: Preventing XSS injection in querystring - by rolly - 12-27-2017, 08:24 AM

RE: Preventing XSS injection in querystring - by XtreemDeveloper - 12-28-2017, 12:09 AM

RE: Preventing XSS injection in querystring - by jreklund - 12-28-2017, 06:48 AM