neel1979 — 2013-02-07T06:55:20-05:00 — #1
Consider the URL below, entered by a user:
- How can I prevent JS content from loading in an iframe?
What are ways to stop this type of cross-site scripting?
cpradio — 2013-02-07T07:52:54-05:00 — #2
htmlentities or htmlspecialchars
<?php /* ENT_QUOTES also encodes single quotes; name the charset explicitly */
echo htmlentities($_GET['id'], ENT_QUOTES, 'UTF-8'); ?>
Another thing: make sure you validate ALL input, especially anything that is accessible via a URL.
<?php $validateId = (int)$_GET['id'];
echo $validateId; ?>
neel1979 — 2013-02-07T07:58:42-05:00 — #3
But how can I prevent execution of any JS function from the URL?
cpradio — 2013-02-07T08:01:37-05:00 — #4
See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.
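The two measures suggested in this thread (validate the id parameter, escape on output), combined in an added example that is not part of the original posts. The helper names e() and intParam() and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML element content or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Strictly validate an integer parameter. Unlike an (int) cast, which turns
// "12abc" into 12, FILTER_VALIDATE_INT rejects anything that is not a whole number.
function intParam(array $source, string $key, int $min = 1): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null; // missing, or an array such as ?id[]=1
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min]]);
    return $value === false ? null : $value;
}

// Constructed sample query strings standing in for $_GET (not from the thread).
$samples = [
    ['id' => '42'],
    ['id' => '12abc'],
    ['id' => '<script>alert(1)</script>'],
    ['id' => '"><iframe src="javascript:alert(1)"></iframe>'],
    ['id' => ['1']],
    [],
];

foreach ($samples as $get) {
    $id = intParam($get, 'id');
    $raw = isset($get['id']) && is_string($get['id']) ? $get['id'] : '';
    // Echoing the raw value back (e.g. in an error message) is where XSS
    // happens, so it is escaped at output even though validation failed.
    printf("raw (escaped): %-60s validated: %s\n",
        e($raw), $id === null ? 'rejected' : (string) $id);
}
```

This escaping covers HTML text and quoted attribute values only; a value written into a script block, an href/src URL, or an unquoted attribute needs encoding specific to that context.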
system — 2014-10-07T23:40:18-04:00 — #5
This topic is now closed. New replies are no longer allowed.