Is there any way to prevent XSS attacks in Magento? On my localhost I am just trying to check how to prevent XSS attacks. For example, I am inserting a script when a user registers in Magento. I am just shocked: when inserting a whole script in the name field, I am successfully registered. My dashboard screenshot:

After refreshing the page I got another screen.
I just want to prevent this, so that no user can do that.
Please help me prevent these types of attacks.
Also, this may be a template problem. If your template doesn’t properly escape user input, you end up with garbage in your database. I’m running 1.4.1.1 as well, but the input fields are filtered as follows:
The htmlEscape() function is supposed to take care of the nasties. On some templates, it was missing from search fields and you could get a verifiable XSS problem using it.
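The template-level escaping described in the answer above, as an added example in plain PHP that is not part of the original answer and not Magento's own code. `html_escape_demo()` and the `render_*` functions are hypothetical stand-ins, and the example assumes the block's `htmlEscape()` behaves like PHP's `htmlspecialchars()`; the sample values are constructed.

```php
<?php
// Hypothetical stand-in for the block helper the answer mentions.
// Assumption: it behaves like htmlspecialchars(); not Magento source code.
function html_escape_demo($value)
{
    // ENT_QUOTES also encodes ' and ", which matters inside attributes.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Template line WITHOUT escaping: stored markup reaches the page unchanged,
// so a script saved in the name field runs when the dashboard is rendered.
function render_greeting_unescaped($name)
{
    return '<p class="hello">Hello, ' . $name . '!</p>';
}

// The same line with escaping applied at output time: the stored value is
// displayed as text and is never parsed as markup.
function render_greeting_escaped($name)
{
    return '<p class="hello">Hello, ' . html_escape_demo($name) . '!</p>';
}

// Attribute context (re-populating a form field): an unescaped quote would
// end the value attribute early, so the same helper is applied here too.
function render_input_escaped($name)
{
    return '<input type="text" name="firstname" value="'
        . html_escape_demo($name) . '" />';
}

// Constructed sample values, as they might be stored after registration.
$storedScriptName = '<script>alert(1)</script>';
$storedQuotedName = 'Jo "JJ" Smith';

echo render_greeting_unescaped($storedScriptName), PHP_EOL;
echo render_greeting_escaped($storedScriptName), PHP_EOL;
echo render_input_escaped($storedQuotedName), PHP_EOL;
```

Escaping at output time protects the page even when the database already holds a script from an earlier registration, which is the situation the question describes.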