0

i am into php coding for 1 year now. i don't know everything or consider myself professional.but i want to write clean hacker proof coding. i tried to research for example how to stop XSS attacks.but it seems that there is a lot of expressions and a lot of vulnerabilities. i tried htmlawed and html purifiers. but not every simple form or script i write will need heavy script to make it secure. so what i need is : is there a coding style that i can follow that make my coding secure?

rook
  • 66,304
  • 38
  • 162
  • 239
alhoseany
  • 761
  • 9
  • 28
  • possible duplicate of [Protection against XSS exploits?](http://stackoverflow.com/questions/5414962/protection-against-xss-exploits) – sarnold Mar 24 '11 at 05:50

1 Answers1

1

Basically, to avoid XSS, you have to make sure no HTML can be injected by the users into the HTML output of your page.

The simplest way of doing that is to use functions such as htmlspecialchars() on any output that goes to the browser as HTML.


This means that, if anyone inputs something like this (simple example) :

<script>alert('plop');</script>

The HTML of your page will contain :

&lt;script&gt;alert('plop');&lt;/script&gt;

And no HTML / Javascript code that could be interpreted.

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663
  • these means for both form inputs and query params they can append to your URL, and especially if your site is fetching any content from external websites – mpen Mar 24 '11 at 05:59