nikhilbachani / globe-bank

Content Management System (CMS) built with PHP and MySQL
MIT License

TODO: Add HTML escaping back in for public/index.php #1

Closed nikhilbachani closed 4 years ago

nikhilbachani commented 4 years ago

Initially, to enable displaying the content in public/index.php, HTML escaping was removed for page content. It needs to be added back in at a later point in time to prevent XSS attacks.

nikhilbachani commented 4 years ago

Added strip_tags to prevent XSS attacks.
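
The following is an added example, not code from this repository. It compares the two approaches named in this issue, full HTML escaping and `strip_tags`, on the same input, and adds a variant that also removes attributes from allowlisted tags. The sample content, the allowlist and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of stored page content (not from the project's database).
$content = '<h2>About</h2><p onmouseover="alert(1)">Hello <b>world</b></p>'
         . '<script>alert(2)</script>';
$allowed = '<h2><p><b>'; // hypothetical allowlist of formatting tags

// Escape everything: safe in an HTML text context, but markup is shown literally.
function render_escaped(string $html): string {
    return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// strip_tags() with an allowlist removes all other tags (their inner text stays),
// but the allowed tags keep every attribute, including event handlers.
function render_allowlisted(string $html, string $allowed): string {
    return strip_tags($html, $allowed);
}

// Allowlist the tags, then drop all attributes from the elements that remain.
function render_allowlisted_no_attrs(string $html, string $allowed): string {
    $prev = libxml_use_internal_errors(true); // collect parser warnings quietly
    $doc = new DOMDocument();
    // The XML prolog makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . strip_tags($html, $allowed));
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    foreach ($doc->getElementsByTagName('*') as $el) {
        while ($el->attributes->length > 0) {
            $el->removeAttribute($el->attributes->item(0)->nodeName);
        }
    }
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

echo render_escaped($content), "\n";                        // markup as text
echo strip_tags($content), "\n";                            // no tags at all
echo render_allowlisted($content, $allowed), "\n";          // attributes survive
echo render_allowlisted_no_attrs($content, $allowed), "\n"; // tags only
```

Removing every attribute also removes `href` and `src`, so an allowlist that includes links or images needs per-attribute validation instead.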