Last Updated: February 25, 2016
·
588
· jewels

Avoid Cross Site Scripting

#php
#security
#development

We all know how common Cross Site Scripting is and a ton of us get lazy and miss it. Stop slacking and add a tiny piece of code that could potentially save your website from being damaged.

<?php
echo "<form action='' method='get'>
<input type='text' name='sometext'><br />
</form>";
if(isset($_GET['sometext'])) {
echo htmlentities($_GET['sometext']);
}
?>

Adding the htmlentities will filter out all html characters and save you a lot of time patching the vulnerability in the future. Make sure to add this when you are adding a text box within your website.

#php
#security
#development

Written by Jae

Say Thanks
Respond

Related protips

HTML5 Mobile Device Camera Access

356.7K
19

Pretty print array php

285.3K
0

Laravel's .htaccess to remove "public" from URL

243.9K
10

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Php Authors
projectcleverweb
469.4K
#php
#javascript
#css
brandonbeeks
356.6K
#php
#javascript
#css
jvinceso
285.2K
#php
#ASP
#JavaScript
hnordt
243.9K
#php
#laravel
#CoffeeScript
rmcdaniel
239.3K
#php
#JavaScript
#Open Source
Related Tags
#php
#security
#development
Sponsored by
#native_company#
#native_desc#
#native_cta#
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#