Update the port about cross site scripting

Dorian Niemiec 2024-05-12 18:07:02 +02:00
parent 63578385b8
commit 056d85acdc


@ -285,7 +285,7 @@ If Content Security Policy allows inline scripts (as it is by default), then bro
## Cross-site scripting vulnerability prevention
You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability:
You can prevent cross-site scripting vulnerabilities by escaping HTML tags. In PHP, you can use [`htmlentities()`](https://www.php.net/manual/en/function.htmlentities.php) or [`htmlspecialchars()`](https://www.php.net/manual/en/function.htmlspecialchars.php) function. There is the example code without the XSS vulnerability (although it is still vulnerable to CSRF):
```php
<?php
// Don't throw errors by default
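Review bot: The parenthetical "(although it is still vulnerable to CSRF)" added to the changed sentence names a second weakness but gives the reader nowhere to go with it; link it to the post's CSRF material if it has any, or add a short clause naming the fix (for example, a per-session token checked on submit). While this line is being touched, "There is the example code" should read "Here is example code", and "escaping HTML tags" would be more accurate as "escaping HTML special characters", since that is what `htmlspecialchars()` and `htmlentities()` do, and it only protects values placed in HTML body text or quoted attributes.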
@ -373,7 +373,7 @@ function antiXSS(string) {
}
```
This is example code without the vulnerability:
This is example code without the DOM XSS vulnerability:
```html
<!DOCTYPE html>
<html lang="en">
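Review bot: The reworded sentence "This is example code without the DOM XSS vulnerability:" narrows the claim to DOM XSS but still does not say what makes the example safe. The block just above it defines `antiXSS(string)`, so if the example relies on that function, name it in the sentence, e.g. "This is example code that uses `antiXSS()` to avoid the DOM XSS vulnerability:". It would also help to phrase this the same way as the changed sentence in the PHP section, so the two "example code without ..." lines read consistently.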