News Feed
Jobs Feed
Sections




News Archive
Jason Stiles' Blog:
How To Protect Your Site From XSS With PHP
by Chris Cornutt June 13, 2011 @ 09:40:42

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering.

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). [...] Since these types of user input can immediately be displayed to other user's, the attack could be spread pretty quickly and even without your knowledge.

He provides a basic function to get you started filtering the input from your users - a "xss_protect" method that takes in the data, whether to strip HTML tags or not and an optional set of allowed tags if you do. He also asks for opinions and better methods in his comments:

No solution is going to be perfect, but at least now you have a head start! If you have ways of improving this function, let myself and everyone else know in the comments.
0 comments voice your opinion now!
xss crosssitescripting protection striptags example


blog comments powered by Disqus

Similar Posts

Secunia.com: phpMyAdmin Cross-Site Scripting Vulnerabilities

Nick Circelli's Blog: Wicked Cool PHP - Review

Templora.com: Basic PHP Script Security

Raphael Stolt's Blog: Creating Zend Framework snippets for TextMate

QaFoo.com Blog: Struct classes in PHP


 Community Events









Don't see your event here?
Let us know!

opinion zendframework2 code tool development introduction framework composer testing object phpunit database unittest interview release example community podcast api language

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework