Results 1 to 1 of 1
Dec 14, 2009, 17:11 #1
- Join Date
- Oct 2006
- New Zealand
- 0 Post(s)
- 0 Thread(s)
Noob question about XSS vulnerability
The route I decided to take, was to send the settings inside the URL and echo them onto the screen.
In case there are any ways for nasty code to get embedded, I've used htmlentities, stripslashes, strlen and ctype_alnum to confirm that it is only an alpha-numeric, non-HTML, slashless string of less than 10 characters. However others are telling me there is still some ways this could be used for cross-site scripting.
Any ideas on how this could be hacked? I believe those who tell me it can, but it makes it darn hard to know how to prevent these types of attacks when I can't even understand how they work.
I can't even see how it could be attacked without the checks in place, let alone afterwards ... showing my complete lack of knowledge of XSS here.
Any help much appreciated