News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Jason Stiles' Blog:
How To Protect Your Site From XSS With PHP
June 13, 2011 @ 09:40:42

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering.

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). [...] Since these types of user input can immediately be displayed to other user's, the attack could be spread pretty quickly and even without your knowledge.

He provides a basic function to get you started filtering the input from your users - a "xss_protect" method that takes in the data, whether to strip HTML tags or not and an optional set of allowed tags if you do. He also asks for opinions and better methods in his comments:

No solution is going to be perfect, but at least now you have a head start! If you have ways of improving this function, let myself and everyone else know in the comments.
0 comments voice your opinion now!
xss crosssitescripting protection striptags example


blog comments powered by Disqus

Similar Posts

Justin Silverton\'s Blog: How to Cache Smarty Templates (as per the manual)

Dave Marshall's Blog: Traits in PHP 5.4 - HelloWorld with Logging Trait

Matthew Weier O'Phinney's Blog: Syntax Highlighting for Technical Presentations

Developer Tutorials Blog: Debugging PHP with Firebug and FirePHP

Acunetix.com: Web Site Security Center


Community Events





Don't see your event here?
Let us know!


laravel framework list symfony release opinion update community series language library package interview zendserver deployment tips podcast api install introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework