Security
Preventing cross-site-scripting (XSS) vulnerability
Submitted by vinayras on Wed, 07/27/2011 - 12:28
Recently I came across a report at xssed.com about ebharatjobs.com being vulnerable to cross-site scripting (XSS). That report was filed way back in 2009, and we already fixed that when we upgraded www.ebharatjobs.com in 2010.
I wanted to share the code we used to check the input from users to possibly prevent XSS vulnerabilities.
// cross-site-scripting (XSS) vulnerability
$q = $_GET["q"];
//remove the script tag and its contents
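The post's code is cut off at this point. The following is an added example, not the author's code: it contrasts removing `<script>` elements from the `q` parameter with encoding the value at output time using PHP's `htmlspecialchars`. The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names and sample inputs are constructed.

// Read "q" as a string; a request like ?q[]=x makes $_GET['q'] an array.
function read_query(array $get): string
{
    return (isset($get['q']) && is_string($get['q'])) ? $get['q'] : '';
}

// Blocklist approach: remove <script> elements together with their contents.
function strip_script_tags(string $input): string
{
    return preg_replace('#<script\b[^>]*>.*?</script\s*>#is', '', $input) ?? '';
}

// Output encoding: render the value inert in HTML text or a quoted attribute.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values for the "q" parameter.
$samples = [
    'php developer',
    'jobs<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',  // markup without any <script> element
    '"><b>jobs</b>',                 // quote character followed by markup
];

foreach ($samples as $sample) {
    $q        = read_query(['q' => $sample]);
    $stripped = strip_script_tags($q);
    $encoded  = encode_for_html($q);

    // Any of these characters left in the output can still be parsed as markup.
    $stillMarkup = strpbrk($stripped, '<>"\'') !== false;

    printf(
        "input:    %s\nstripped: %s (%s)\nencoded:  %s\n\n",
        $q,
        $stripped,
        $stillMarkup ? 'markup characters remain' : 'plain text',
        $encoded
    );
}
```

Only the second sample is neutralised by tag stripping, while the encoded form of every sample contains no raw `<`, `>` or quote characters. `htmlspecialchars` covers HTML text and quoted attribute values; values placed into JavaScript or URL contexts need the encoding for that context.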