Preventing XSS injection in querystring
I have a CI3 site that is vulnerable to XSS injection via the querystring:

https://thesite.com/search?q=x'><svG onLoad=alert(document.domain)>

I have all inputs going through

Code:
$this->input->get('q', true)

How can the execution of the JavaScript be prevented?
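
An added example, not part of the original post and not CodeIgniter's own code: escaping the value at the point of output, shown beside the unescaped reflection. It assumes the view places `q` inside a single-quoted attribute (the post does not show the view markup); `esc_html` is a hypothetical helper name.

```php
<?php
// Added example: plain PHP, no framework required.
// Constructed input: the query-string value quoted in the post above.
$q = "x'><svG onLoad=alert(document.domain)>";

/**
 * Escape a value for HTML element content or a quoted attribute value.
 * ENT_QUOTES encodes both ' and ", so the value cannot close the attribute.
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 * (esc_html is a hypothetical name used only for this example.)
 */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed view markup: the value reflected into a single-quoted attribute.
// Unescaped, the quote and angle brackets in $q end the attribute and the tag.
$unsafe = "<input type='text' name='q' value='" . $q . "'>";

// Escaped at the point of output, the same characters become entities
// and the whole string stays inside the attribute value.
$escaped = esc_html($q);
$safe = "<input type='text' name='q' value='" . $escaped . "'>";

// Check: nothing that can close the attribute or open a tag survives.
if (preg_match('/[\'"<>]/', $escaped) === 1) {
    throw new RuntimeException('escaped value still contains markup characters');
}

echo "unescaped: ", $unsafe, PHP_EOL;
echo "escaped:   ", $safe, PHP_EOL;
```

CodeIgniter 3 ships a `html_escape()` helper that wraps `htmlspecialchars()` with `ENT_QUOTES`, so in a CI3 view the same escaping is applied by echoing `html_escape($q)`.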
Messages In This Thread
Preventing XSS injection in querystring - by jhob - 12-19-2017, 06:34 AM
RE: Preventing XSS injection in querystring - by skunkbad - 12-19-2017, 07:38 AM
RE: Preventing XSS injection in querystring - by jhob - 12-19-2017, 07:51 AM
RE: Preventing XSS injection in querystring - by skunkbad - 12-19-2017, 08:24 AM
RE: Preventing XSS injection in querystring - by Narf - 12-20-2017, 08:58 AM
RE: Preventing XSS injection in querystring - by rolly - 12-27-2017, 08:24 AM
RE: Preventing XSS injection in querystring - by XtreemDeveloper - 12-28-2017, 12:09 AM
RE: Preventing XSS injection in querystring - by jreklund - 12-28-2017, 06:48 AM