From 056d85acdcaf8959db119b3d6e10ffcacbb6e494 Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Sun, 12 May 2024 18:07:02 +0200 Subject: [PATCH] Update the port about cross site scripting --- .../_posts/What-is-cross-site-scripting-How-to-prevent-it.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/_posts/What-is-cross-site-scripting-How-to-prevent-it.md b/source/_posts/What-is-cross-site-scripting-How-to-prevent-it.md index ca57316..a91eb5e 100644 --- a/source/_posts/What-is-cross-site-scripting-How-to-prevent-it.md +++ b/source/_posts/What-is-cross-site-scripting-How-to-prevent-it.md @@ -285,7 +285,7 @@ If Content Security Policy allows inline scripts (as it is by default), then bro ## Cross-site scripting vulnerability prevention -You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability: +You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability (although it is still vulnerable to CSRF): ```php
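Review bot: In the changed sentence under "Cross-site scripting vulnerability prevention", the new parenthetical "(although it is still vulnerable to CSRF)" names a second vulnerability class without saying which part of the example is exposed or how a reader should close it. Someone copying the example learns it is unsafe but not what to do about it. I would add one sentence or a link on CSRF mitigation (for example an anti-CSRF token checked on state-changing requests), or state that CSRF is out of scope for this post and covered elsewhere. While this line is being touched, "There is the example code" reads better as "Here is example code", and "escaping HTML tags" is more precise as escaping HTML special characters in output, which is what `htmlspecialchars()` and `htmlentities()` do. The diffstat reports 2 insertions and 2 deletions but only one changed line is visible here, so the second change could not be reviewed. The subject line says "port" where "post" appears to be meant.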