codebicycle / demot

DeMoT (Detention Monitoring Tool)
MIT License

Prevent XSS attacks on form inputs #1

Open codebicycle opened 8 years ago

codebicycle commented 8 years ago

Type `<script>alert('XSS')</script>` into a form field and click submit. This should not work.

XSS (Cross Site Scripting) Prevention Cheat Sheet

codebicycle commented 8 years ago
  1. Use `htmlspecialchars()` when outputting to HTML, or the shorter `e()` wrapper function from helpers.
  2. We used `print_r($_POST)` for debugging purposes. Remove all occurrences in production.
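The two fixes above in working form, as an added example rather than code from the DeMoT repository: a hypothetical `e()` helper of the kind the comment refers to (the project's actual helper is not shown on this page, so its shape here is an assumption), the unescaped output that lets the issue's `<script>` payload through beside the escaped output, and the attribute-context case that needs `ENT_QUOTES`. The field name and the sample value are constructed for the demonstration.

```php
<?php
// Added example, not the project's own helpers file.
// Assumption: the project's e() helper is a thin wrapper around
// htmlspecialchars() like this one.
function e(?string $value): string
{
    // ENT_QUOTES escapes both " and ' so the value is also safe inside
    // single-quoted HTML attributes, not just in element text.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of making
    // htmlspecialchars() return an empty string and silently drop the value.
    // The explicit 'UTF-8' charset avoids depending on the default_charset ini setting.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST['name'] (field name assumed);
// this is the payload from the issue description.
$input = "<script>alert('XSS')</script>";

// Vulnerable: raw interpolation emits the submitted value as markup,
// so the browser executes the script.
$unsafe = "<p>Hello, {$input}</p>";

// Hardened: the same template with the value escaped at output time.
// The angle brackets and quotes become entities and render as text.
$safe = "<p>Hello, " . e($input) . "</p>";

// Attribute context: escaping is required here too, and ENT_QUOTES is what
// prevents a single quote in the input from closing the value attribute.
$attr = "<input type='text' name='name' value='" . e($input) . "'>";

// Debug output like print_r($_POST) reflects every submitted field back into
// the page unescaped; it must not remain in production code (fix #2 above).
// If a dump is needed during development, escape it like any other output:
$debug = '<pre>' . e(print_r(['name' => $input], true)) . '</pre>';

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
echo $attr, PHP_EOL;
echo $debug, PHP_EOL;
```

Escaping belongs at output time and must match the context the value lands in: `htmlspecialchars()` covers element text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or CSS needs a different encoder, which is what the linked OWASP cheat sheet lays out.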