Last Updated: February 25, 2016
· jewels

Avoid Cross Site Scripting

We all know how common Cross Site Scripting is and a ton of us get lazy and miss it. Stop slacking and add a tiny piece of code that could potentially save your website from being damaged.

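<?php
// Render a simple GET form with one text field.
echo "<form action='' method='get'>
<input type='text' name='sometext'><br />
</form>";

// Echo the submitted value back, encoded so the browser shows it as text, not markup.
// is_string() rejects array input such as ?sometext[]=x, which htmlentities() cannot encode.
if (isset($_GET['sometext']) && is_string($_GET['sometext'])) {
    echo htmlentities($_GET['sometext'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>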

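Adding htmlentities converts the characters that have special meaning in HTML (such as <, > and &) into entities, so the browser displays the input as text instead of interpreting it as markup, and it will save you a lot of time patching the vulnerability in the future. Make sure to add this whenever you echo the contents of a text box back into your website. If the value is placed inside a quoted attribute rather than between tags, pass ENT_QUOTES so that single quotes are encoded as well; before PHP 8.1 the default flags leave them untouched.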
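
The quoting caveat matters as soon as the form refills its own text box. The following is an added example, not code from the original tip: it renders the same single-quoted form with the submitted value placed in a value attribute, once with ENT_COMPAT (the default before PHP 8.1) and once with ENT_QUOTES. The helper names e() and renderForm() and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original tip): encode a value for HTML text
// and for quoted attribute values.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of making htmlentities() return an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders the tip's form with the submitted value refilled into a
// single-quoted value attribute, using whichever encoder is passed in.
function renderForm(string $submitted, callable $encode): string
{
    return "<form action='' method='get'>\n"
         . "<input type='text' name='sometext' value='" . $encode($submitted) . "'><br />\n"
         . "</form>\n";
}

// Constructed sample input: a single quote followed by an extra attribute.
$sample = "x' data-injected='1";

// Weak: ENT_COMPAT leaves ' untouched, so the value closes the attribute early
// and the rest of the input is parsed as a new attribute on the <input> tag.
$weak = renderForm(
    $sample,
    fn (string $s): string => htmlentities($s, ENT_COMPAT, 'UTF-8')
);

// Hardened: ' becomes &#039;, so the whole input stays inside value='...'.
$safe = renderForm($sample, 'e');

echo "With ENT_COMPAT:\n", $weak, "\n";
echo "With ENT_QUOTES:\n", $safe;
```

In the first output the input tag carries a separate data-injected attribute; in the second the entire string remains the value of the text box.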