Consider the URL below, entered by a user:
- How to prevent loading JS contents in an iframe?
- Is it possible to prevent a URL from loading if it contains any JavaScript function?
What are ways to stop this type of cross-site scripting?
Regards,
Nilanjan
htmlentities or htmlspecialchars
Example:
<?php echo htmlentities($_GET['id']); ?>
Another thing: make sure you validate ALL input, especially anything that is accessible via a URL.
<?php $validateId = (int)$_GET['id'];
echo $validateId; ?>
But how can I prevent execution of any JS function from the URL?
See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.
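
As an added example (not code from any poster in this thread), the two pieces of advice above applied together: encode on output, validate the `id`, and check the scheme of any URL that ends up in an iframe `src`, because a `javascript:` URL contains nothing that htmlentities would change. The function names `e`, `validId` and `safeUrl` and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Encode for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a positive integer; anything else yields null.
function validId(?string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Allow a URL into src/href only if it is absolute http(s) with a host.
// "javascript:alert(1)" has no HTML special characters, so encoding
// leaves it unchanged; the scheme has to be checked separately.
function safeUrl(?string $raw): ?string
{
    if ($raw === null || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null; // missing, or contains whitespace/control characters
    }
    $scheme = parse_url($raw, PHP_URL_SCHEME);
    $host   = parse_url($raw, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return null;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $raw : null;
}

// Constructed sample query strings standing in for $_GET.
$samples = [
    ['id' => '42', 'url' => 'https://example.com/page'],
    ['id' => '42<script>alert(1)</script>', 'url' => 'javascript:alert(1)'],
    ['id' => '7', 'url' => '"><script>alert(1)</script>'],
];

foreach ($samples as $get) {
    $id  = validId($get['id']);
    $url = safeUrl($get['url']);
    echo 'id as text:   ', e($get['id']), "\n";
    echo 'id validated: ', $id ?? 'rejected', "\n";
    echo $url === null
        ? "iframe omitted (URL rejected)\n"
        : '<iframe src="' . e($url) . '"></iframe>' . "\n";
}
```

Only the first sample produces an iframe; the other two have their `id` rejected by validation and their URL rejected by the scheme and host check, while the raw `id` is still safe to display because it is encoded.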