OxyScripts.com
Menu spacer Home Tutorials Articles Code Forums irc.freenode.net #oxyscripts
Main (PHP)
Home Forums PHP News PHP Tutorials Articles PHP Code Snippets Contact Us Sysadmin Resources Books Template Shop
3rd Party Streams
SlashDot PHPDeveloper.org PHP.Net
Resources
PHP Manual MySQL Manual Smarty Manual PEAR Manual PHP-GTK Manual Symfony Manual
Code Snippets
Authentication Database Graphics HTTP Miscellaneous Time/Date
Affiliates
Scripts TutorialMan TutorialGuide CodingForums.com PHP Scripts Cheap Web Hosting Affordable Web Hosting Dreamweaver Templates

Search This Site :     PHP Function Reference :
 

Minimal Cross Site Scripting Hints
By admin (2007-10-11. 8195 views.)
A common attack on web sites is to plug in HTML code directly into a form field and attempt to gain control over some part of the site.

<?php
PHP has 3 built-in functions that will help in your efforts:
htmlspecialchars(str)
htmlentities(str)
strip_tags(strallowed)

htmlspecialchars converts the entire string passed into HTML converting all the angle brackets and such into HTML equivalents

htmlentities takes any special character encountered and returns the HTML escape value for it

strip_tags will remove any html tag it finds EXCEPT those mentioned in the allowed string

Sooverall a nice small section of functions that should alleviate a good portion of the pain of a CSX attack.
?>
 
 
   Print this page

Top Sponsor

Sponsors
CA
Sponsors
AdWords Dominator 125*125
Advertisting

Affiliates
VertexTemplates PHPFreaks CodeWalkers StarGeek DevScripts CGI & PHP Scripts PHP CMS

Shopping Rebates   Sell It 4 You   Flash Page Counters   Get Insured
GPS Tracking Service   Charity Donate Info   Web Site Hosting   VOIP Service

Privacy Policy | Links | Site Map | Advertising

All content on OxyScripts.com is (©)2002-2007

 
Powered by Adrastea - Version 1.0.0. Copyright © Rune Solutions, 2004-2005