Home/ Questions/Q 3852456
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T17:19:16+00:00

Possible Duplicate: What are the best practices for avoid xss attacks in a PHP

  • 0

Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site

For example:

http://www.mid-day.com/searchresult.php?query=%3Cscript%3Ealert%28%22This%20is%20vulnerable%20for%20XSS%20..%20by%20binny%22%29%3C/script%3E

This website has an XSS DOM based vulnerability I want to know what causes this vulnerability and how to prevent it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should always HTML encode values that come from the user like querystring parameters before outputting them. You could use the htmlentities function.

    Instead of:

    $str = $_GET['a'];
echo $str;

    use:

    $str = $_GET['a'];
echo htmlentities($str);
    • 0