Facing XSS issue when javasrcript code is added in browser url

Asked Sep 09 '14 at 12:21

Active Sep 09 '14 at 12:21

Viewed 23 times

The site is in PHP, on my site I have a url which is something like this::

http://localhost/test.php

The above url works really fine but when it is changed to something like below then it does not work properly:

http://localhost/test.php/#' onmouseover=prompt(962488) //

The css disappears and almost everything goes awry. What should I do so that above malicious code does not create any problem ?

asked Sep 09 '14 at 12:21

D555

My guess is you aren't referencing your assets from the website root, and it's trying to serve your css from `http://localhost/test.php/#' onmouseover=prompt(962488) //style.css`. – Ben Fortune Sep 09 '14 at 12:26
@BenFortune Its from website root – D555 Sep 09 '14 at 12:36
Are your assets prepended with a `/`? – Ben Fortune Sep 09 '14 at 12:38
@BenFortune No, its simply "style.css" and not "/style.css" – D555 Sep 09 '14 at 12:39

0 Answers0