PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.10.2025)

Community News: Latest PECL Releases (06.03.2025)

Community News: Latest PECL Releases (05.27.2025)

Community News: Latest PEAR Releases (05.26.2025)

Community News: Latest PECL Releases (05.20.2025)

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.06.2025)

Community News: Latest PECL Releases (04.29.2025)

Community News: Latest PECL Releases (04.22.2025)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Chris Shiflett's Weblog:
XSS Cheatsheet

byChris Cornutt Jan 27, 2005 @ 13:19:54

On Chris Shiflett's weblog today there is a new posting today expanding on one of the most dangerous website security issues today - XSS scripting.

I stumbled upon an interesting resource today - the XSS Cheatsheet. This is a really wonderful collection of XSS (cross-site scripting) test cases. If you don't know what XSS is, you might find the following resources helpful:

Foiling Cross-Site Attacks
XSS Prevention
PHP Security Workbook

Christian has developed a script for filtering data specifically for XSS. He also has an example implementation where you can try it out for yourself - maybe someone with some free time can try entering all of the test cases to see if any of them expose a weakness.

With XSS, there are just too openings that your site could be vulnerable to - even without you knowing. I'm glad that people are making the public more aware of the issue and giving good ways to help counteract this dangerous threat.

tagged:

Link: