How can I avoid cross-site scripting by knowing from what site the user is requesting data?
should contain the URL from which the request originates from.
EDIT: If you are actually trying to prevent XSS then it’s mostly down to having to make sure you use htmlentities() everywhere you print unfiltered user data, and should really be using it on pretty much all data you print that isn’t meant to be viewed as raw HTML.
Although there are a bunch of considerations when writing PHP code as well, they are far too many to discuss here without any pointers.
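
The output-encoding advice in the answer above, shown as an added example that is not part of the original answer: the same user data printed raw and printed through `htmlentities()`. The helper name `e()`, the two render functions and the sample values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original answer): encode a value for use
// in HTML element content or inside a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '. Before PHP 8.1 the default flag set
    // (ENT_COMPAT) left single quotes untouched, which matters for
    // single-quoted attributes like the one below.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for unfiltered user data.
$name    = "O'Brien <b>admin</b>";
$comment = '<script>alert(1)</script>';

// Unsafe: user data is printed as raw HTML, so any markup in it is
// interpreted by the browser and the quote in $name ends the attribute early.
function render_unsafe(string $name, string $comment): string
{
    return "<p title='$name'>$comment</p>";
}

// Safe: every user-controlled value is encoded at the point of output.
function render_safe(string $name, string $comment): string
{
    return "<p title='" . e($name) . "'>" . e($comment) . "</p>";
}

echo render_unsafe($name, $comment), "\n";
echo render_safe($name, $comment), "\n";
```

Encoding at the point of output, rather than when the data is stored, keeps the stored value intact for contexts that need different escaping.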