Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site
I need to prevent XSS attacks in PHP code, is there nay good and easy library for this?
views:
346answers:
5I noticed that too, it prevented alert('XSS attack test!'); from running, so it must be doing something
newbie
2010-04-16 10:33:51
+6
A:
Security is not a product. It's a process.
If you rely on a library for security you're doomed to being attacked one time or another.
Anyway, you could sanitize your inputs with standard php functions (i.e. htmlspecialchars())
klez
2010-04-16 10:28:49
ok I added this to input that will be printed on page, will this prevent all XSS attacks or at least most of them ?
newbie
2010-04-16 10:32:51
I suggest you read up on XSS. You need to understand how it works to protect against it.
Marius
2010-04-16 10:38:39
Hey @newbie, ever considered to ask "what is XSS attack" question?
Col. Shrapnel
2010-04-16 10:39:30
@newbie no, you don't. or you wouldn't ask will this prevent all XSS attacks
Col. Shrapnel
2010-04-16 10:48:43
A:
Theres alot of good answers on google, first one I found; http://codeassembly.com/How-to-sanitize-your-php-input/
My main advice would be to consider every input as a direct attack.
So convert to html characters. Add slashes.
azz0r
2010-04-16 10:35:55
+1
A:
There are lots of PHP functions that can assist you in preventing XSS attacks. Take a look at these:
strip_tags
http://php.net/manual/en/function.strip-tags.php
htmlspecialchars
Finbarr
2010-04-16 10:37:04
htmlentities is better to be removed from the list. as this function is obsolete and dirty
Col. Shrapnel
2010-04-16 10:38:25
Such a torrent of dirty functionality that it is hard to keep up with what is actually usable in PHP.
Finbarr
2010-04-16 11:59:07