News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Jason Stiles' Blog:
How To Protect Your Site From XSS With PHP
June 13, 2011 @ 09:40:42

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering.

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). [...] Since these types of user input can immediately be displayed to other user's, the attack could be spread pretty quickly and even without your knowledge.

He provides a basic function to get you started filtering the input from your users - a "xss_protect" method that takes in the data, whether to strip HTML tags or not and an optional set of allowed tags if you do. He also asks for opinions and better methods in his comments:

No solution is going to be perfect, but at least now you have a head start! If you have ways of improving this function, let myself and everyone else know in the comments.
0 comments voice your opinion now!
xss crosssitescripting protection striptags example


blog comments powered by Disqus

Similar Posts

DevShed: Abstract Classes in PHP - Setting Up a Concrete Example

PHPEasy.co.uk: Tutorial: Type Hinting in PHP

Matthias Noback: Inject a repository instead of an entity manager

Make Me Pulse Blog: PHP 5 Design Pattern : Singleton

Chris Shiflett\'s Blog: Google XSS and Evil Character Encoding


Community Events





Don't see your event here?
Let us know!


refactor framework configure wordpress code testing list community language podcast interview laravel developer threedevsandamaybe series release unittest install opinion introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework