PHP form XSS vulnerability
Problem
I'd like to ask if this PHP/HTML code has any flaws which can be exploited by the potential aggressor:
I'm aware that it can be exploited by calling script like this http://foo.bar/baz.php/'>alert('xss')
Solution
For single-quoted attributes, use `htmlspecialchars($text, ENT_QUOTES)`.
Depending on what this does, you might want to implement some sort of protection against CSRF attacks.
You might also want to check `$_SERVER['SCRIPT_NAME']`.
Other than that, this code seems reasonable.
Context
StackExchange Code Review Q#13282, answer score: 2
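The answer's two suggestions side by side, as an added example that is not part of the original question or answer. The question's code did not survive on this page, so the single-quoted `action` attribute built from the request path, and the `renderForm` and `breaksOut` helpers, are assumptions made for illustration.

```php
<?php
// Constructed sample input: the request path from the question's URL, as a
// script would see it if it built the form action from the full request path
// (assumption; the original form code is not on the page).
$requestPath = "/baz.php/'>alert('xss')";

// Hypothetical helper: render a form whose action sits in a single-quoted attribute.
function renderForm(string $action, int $flags): string
{
    $escaped = htmlspecialchars($action, $flags, 'UTF-8');
    return "<form method='post' action='" . $escaped . "'>";
}

// Hypothetical check: the template itself contributes exactly four single
// quotes, so any extra raw quote came from the input and ends the attribute early.
function breaksOut(string $html): bool
{
    return substr_count($html, "'") > 4;
}

// ENT_COMPAT encodes double quotes only (the default before PHP 8.1),
// so a single quote in the input closes the single-quoted attribute.
$weak = renderForm($requestPath, ENT_COMPAT);

// ENT_QUOTES encodes both quote styles, so the value stays inside the attribute.
$safe = renderForm($requestPath, ENT_QUOTES);

// $_SERVER['SCRIPT_NAME'] holds the script path without trailing path info.
// It is set by hand here (constructed value) so the example runs from the CLI.
$scriptName = '/baz.php';
$safest = renderForm($scriptName, ENT_QUOTES);

foreach (['ENT_COMPAT' => $weak, 'ENT_QUOTES' => $safe, 'SCRIPT_NAME' => $safest] as $label => $html) {
    printf("%-12s %s  attribute broken: %s\n", $label, $html, breaksOut($html) ? 'yes' : 'no');
}
```

Escaping with `ENT_QUOTES` and using `SCRIPT_NAME` are complementary: the first makes the output safe whatever the value contains, the second stops the request path from supplying the value at all.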