XSS Prevention in PHP Cheat sheet pdf - Cross Site Scripting examples
Posted by Raj
XSS (Cross Site Scripting) Prevention in PHP
In this article, I will show how to prevent XSS in PHP. Cross Site Scripting occurs when an attacker uses a web application to send a malicious script (JavaScript, VBScript, HTML); most often the malicious data comes from the HTTP request. Such a script can access cookies, sessions and other information stored by the browser, and can even change the content of the HTML page.
There are two types of XSS attacks:
1. Stored XSS attacks: the malicious code is permanently stored on the server, for example in a database or a comment.
2. Reflected XSS attacks: the injected code is reflected off the web server, for example in an error message or in search results.
- Untrusted User Input Data:
Most often malicious data comes from the HTTP request. Never trust data coming from the user: do not insert or send it anywhere without taking steps to make sure that any attack is detected. Validate all user input with PHP functions before inserting it into the database or sending it anywhere else.
- Validation:
Validate all user input ($_GET, $_POST, $_REQUEST, $_COOKIE) using regular expressions, JavaScript and PHP functions to prevent XSS attacks.
- Some PHP functions that help you prevent XSS attacks:
1. htmlspecialchars: converts special characters to HTML entities (<, >, &, ', ").
2. strip_tags: strips HTML and PHP tags from a string.
3. mysql_real_escape_string: escapes special characters in a string for use in a MySQL statement.
4. Encode URL query string parameters.
- You can use the htmlentities and stripslashes PHP functions when retrieving data from the database and displaying it.
- Use escape methods (HTML escape, JavaScript escape, CSS escape) for XSS (Cross Site Scripting) prevention.
- Always use XHTML.
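As an added example (not from the original article), here is what the escape methods listed above look like in PHP, with one encoder per output context and a closing line showing why strip_tags alone does not protect an attribute. mysql_real_escape_string (item 3) escapes for SQL rather than HTML and was removed with the mysql extension in PHP 7, so it is not used here. The e_html, e_attr, e_js and e_url helpers are this example's own names; it assumes PHP 7.3 or later for JSON_THROW_ON_ERROR.

```php
<?php
// Added example (not from the original article): context-aware output
// encoding for the escape contexts the cheat sheet lists. The helper
// names e_html, e_attr, e_js and e_url are this example's own.
declare(strict_types=1);

// HTML body and attribute context. ENT_QUOTES escapes both ' and ", which
// matters for values placed in single-quoted attributes; before PHP 8.1
// single quotes were NOT escaped by default. ENT_SUBSTITUTE keeps an
// invalid UTF-8 sequence from turning the whole output into an empty string.
function e_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Attribute values use the same encoder but must also be quoted in the
// template: an unquoted attribute can be ended with a plain space.
function e_attr(string $s): string
{
    return e_html($s);
}

// JavaScript context: emit a JSON string literal and hex-escape <, >, &,
// ' and " so the value cannot close the <script> block or be misread as HTML.
function e_js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// URL query-string parameter (item 4 of the list): percent-encode the value;
// the whole URL is then HTML-encoded when written into an href attribute.
function e_url(string $s): string
{
    return rawurlencode($s);
}

// Constructed untrusted input, as it might arrive in $_GET['q'].
$q = '"><script>alert(1)</script>';

// Each value is encoded for exactly the context it lands in.
echo '<p>Results for: ' . e_html($q) . "</p>\n";
echo '<input type="search" name="q" value="' . e_attr($q) . "\">\n";
echo '<a href="/search?q=' . e_attr(e_url($q)) . "\">Search again</a>\n";
echo '<script>var query = ' . e_js($q) . ";</script>\n";

// strip_tags removes the <script> tags but is not an output encoder: the
// leading quote survives and closes the attribute early, leaving broken
// markup. Use it for sanitising content, never as the only escape step.
echo '<input value="' . strip_tags($q) . "\">\n";
```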
I hope this article will help you to prevent XSS attacks.
For more information about the XSS cheat sheet, click here.
This entry was posted on October 4, 2009 at 12:14 pm, and is filed under xss attack prevention in php, xss Cheat sheet, xss Cheat sheet pdf, xss prevention in php.