HiveBrain v1.2.0
pattern · php · Minor

PHP form XSS vulnerability

Submitted by: @import:stackexchange-codereview
Tags: php, xss, form, vulnerability

Problem

I'd like to ask if this PHP/HTML code has any flaws which can be exploited by the potential aggressor:

'>
' /> 


I'm aware that it can be exploited by calling the script like this http://foo.bar/baz.php/'>alert('xss') to `

Solution

For single-quoted attributes, use `htmlspecialchars($text, ENT_QUOTES)`.

Depending on what this does, you might want to implement some sort of protection against CSRF attacks.

You might also want to check `$_SERVER['SCRIPT_NAME']`.

Other than that, this code seems reasonable.
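The three points in the answer above (escape single quotes, add CSRF protection, and prefer `$_SERVER['SCRIPT_NAME']` over a path that carries client-controlled PATH_INFO), as an added example that is not part of the original question or answer. The helper names (`attr`, `renderFormVulnerable`, `renderFormHardened`, `csrfToken`, `csrfValid`) and the `$server` / `$session` arrays are constructed for this illustration; the second payload (quote plus an event-handler attribute) is likewise a constructed input showing what an unescaped single quote allows even when `<` and `>` are escaped. One caveat worth knowing: before PHP 8.1, `htmlspecialchars()` defaulted to `ENT_COMPAT`, which escapes double quotes but leaves single quotes alone; the example passes `ENT_COMPAT` explicitly so the vulnerable branch behaves the same on every PHP version.

```php
<?php
declare(strict_types=1);

// Added example, not the question's code. Escape a value for use inside
// an HTML attribute of either quote style. ENT_QUOTES covers ' as well
// as ", ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the output.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: PHP_SELF (which includes client-controlled PATH_INFO)
// dropped into a single-quoted attribute with ENT_COMPAT, i.e. the
// pre-8.1 default. The single quote survives, so the attribute can be closed.
function renderFormVulnerable(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_COMPAT);
    return "<form action='" . $action . "' method='post'>\n"
         . "  <input type='text' name='q' />\n"
         . "</form>\n";
}

// Hardened pattern: SCRIPT_NAME carries no PATH_INFO, every attribute value
// goes through attr(), and the form carries a per-session CSRF token.
function renderFormHardened(array $server, string $csrfToken): string
{
    $action = attr($server['SCRIPT_NAME']);
    return "<form action='" . $action . "' method='post'>\n"
         . "  <input type='hidden' name='csrf' value='" . attr($csrfToken) . "' />\n"
         . "  <input type='text' name='q' />\n"
         . "</form>\n";
}

// Lazily create one unguessable token per session (hypothetical helper;
// $session stands in for $_SESSION so the script runs without a web server).
function csrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrfValid(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Constructed requests. PHP fills PHP_SELF with the decoded PATH_INFO, so
// GET /baz.php/<payload> yields the PHP_SELF values below.
$payloads = [
    "script tag (the question's payload)" => "'><script>alert('xss')</script>",
    "attribute injection, no < or > needed" => "' onmouseover='alert(1)",
];
$session = [];

foreach ($payloads as $label => $payload) {
    $server = [
        'PHP_SELF'    => '/baz.php/' . $payload,
        'SCRIPT_NAME' => '/baz.php',
    ];
    echo "=== $label ===\n";
    echo "--- vulnerable (ENT_COMPAT, PHP_SELF) ---\n", renderFormVulnerable($server);
    echo "--- hardened (ENT_QUOTES, SCRIPT_NAME, CSRF) ---\n",
         renderFormHardened($server, csrfToken($session));
}

// Simulated POST round-trip for the CSRF check: genuine token vs. a forged one.
var_dump(csrfValid($session, ['csrf' => $session['csrf']]));
var_dump(csrfValid($session, ['csrf' => 'forged']));
```

Run it from the command line (`php example.php`) and compare the two `<form>` lines per payload: in the vulnerable branch the injected `'` terminates `action` and the rest of the path becomes new attributes on the tag, while the hardened branch emits `&#039;` and the payload never reaches the markup because `SCRIPT_NAME` does not carry it in the first place.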

Context

StackExchange Code Review Q#13282, answer score: 2
