News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Jason Stiles' Blog:
How To Protect Your Site From XSS With PHP
June 13, 2011 @ 09:40:42

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering.

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). [...] Since these types of user input can immediately be displayed to other user's, the attack could be spread pretty quickly and even without your knowledge.

He provides a basic function to get you started filtering the input from your users - a "xss_protect" method that takes in the data, whether to strip HTML tags or not and an optional set of allowed tags if you do. He also asks for opinions and better methods in his comments:

No solution is going to be perfect, but at least now you have a head start! If you have ways of improving this function, let myself and everyone else know in the comments.
0 comments voice your opinion now!
xss crosssitescripting protection striptags example


blog comments powered by Disqus

Similar Posts

Sebastian Bergmann's Blog: Data Providers in PHPUnit 3.2

Community News: WordPress Security Update Released

Matthew Weir O'Phinney's Blog: PHP globals for the OOP developer

Chris Shiflett's Blog: PHP Security by Example

Christian Stocker's Blog: Upload Progress Meter extension 0.9.2 released


Community Events











Don't see your event here?
Let us know!


component podcast language security example hhvm database composer install hack facebook application performance release unittest symfony2 package framework introduction project

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework