Update the port about cross site scripting

Dorian Niemiec 2024-05-12 18:07:02 +02:00
parent 63578385b8
commit 056d85acdc

@ -285,7 +285,7 @@ If Content Security Policy allows inline scripts (as it is by default), then bro
## Cross-site scripting vulnerability prevention ## Cross-site scripting vulnerability prevention
You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability: You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability (although it is still vulnerable to CSRF):
```php ```php
<?php <?php
// Don't throw errors by default // Don't throw errors by default
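Review bot: The added parenthetical "(although it is still vulnerable to CSRF)" in the changed paragraph names a second vulnerability class without telling the reader why the example has it or what would fix it. Someone copying the PHP block learns only that it is still unsafe. Either link the phrase to wherever the post covers CSRF, or add one clause saying that output escaping with `htmlentities()` / `htmlspecialchars()` does nothing for request forgery and that the form handler would still need its own protection. While touching this sentence, "There is the example code" should read "Here is example code".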
@ -373,7 +373,7 @@ function antiXSS(string) {
} }
``` ```
This is example code without the vulnerability: This is example code without the DOM XSS vulnerability:
```html ```html
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
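Review bot: Narrowing "without the vulnerability" to "without the DOM XSS vulnerability" helps, but it now reads inconsistently with the first hunk, where the PHP example is still introduced as being "without the XSS vulnerability" with no type given. If this sentence names the variant, the PHP one should too, so readers can tell which kind of XSS each sample addresses. The two lead-ins also differ in form ("There is the example code ..." versus "This is example code ..."); pick one phrasing for both.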