  1. #1
    SitePoint Addict

    Sanitize url in PHP

    Consider the URL below, entered by a user:

    http://www.xyz.com/index.php?id=0077...lert%28339%29+

    1. How can I prevent JS content from loading in an iframe?
    2. Is it possible to prevent a URL from loading if it contains any JavaScript function?

    What are ways to stop this type of cross-site scripting?

    Regards,
    Nilanjan

  2. #2
    Hosting Team Leader
    cpradio
    htmlentities or htmlspecialchars

    Example:
    PHP Code:
    <?php echo htmlentities($_GET['id']); ?>
    Another thing, make sure you validate ALL input, especially anything that is accessible via a URL
    PHP Code:
    <?php
    // Cast the URL parameter to an integer so that only a numeric id survives
    $validateId = (int)$_GET['id'];
    echo $validateId;
    ?>
    Be sure to congratulate xMog on earning April's Member of the Month
    Go ahead and blame me, I still won't lose any sleep over it
    My Blog | My Technical Notes

  3. #3
    SitePoint Addict
    But how can I prevent execution of any JS function from url?

  4. #4
    Hosting Team Leader
    cpradio
    Quote Originally Posted by neel1979
    But how can I prevent execution of any JS function from url?
    See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.
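The two defenses the thread recommends, output encoding and input validation, side by side in one script. This is an added example, not code from the thread or from cpradio; the sample value is constructed to resemble the kind of parameter the original poster saw, and the function names escapeHtml and validateId are assumptions.

```php
<?php
// Added example: reflecting a URL parameter safely, in the spirit of the thread's advice.

// Constructed sample of what $_GET['id'] might contain after a malicious link is clicked.
$untrusted = '0077"><script>alert(339)</script>';

// Output encoding: escape for an HTML text or attribute context.
// ENT_QUOTES also encodes single quotes, which htmlentities() leaves alone by default,
// and naming the charset avoids mis-decoding of multi-byte input.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input validation: an id should be a positive integer, so accept nothing else.
// Note the difference from a plain (int) cast: (int)'0077<script>' silently yields 77,
// whereas filter_var() rejects the whole value (it also rejects leading zeros).
function validateId($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays and other types are never a valid id
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Unsafe reflection, the pattern the thread warns against (left commented out on purpose):
// echo '<p>Record ' . $untrusted . '</p>';

// Safe: the encoded value renders as visible text; the browser never sees a <script> tag.
echo '<p>Record ' . escapeHtml($untrusted) . '</p>', PHP_EOL;

// Safer still for an id: validate first, reject anything that is not an integer,
// and only then use the value. Encoding still applies when it is echoed.
$id = validateId($untrusted);
if ($id === null) {
    http_response_code(400);
    echo '<p>Invalid id</p>', PHP_EOL;
} else {
    echo '<p>Loading record ' . escapeHtml((string) $id) . '</p>', PHP_EOL;
}
```

Run it from the command line with php and the first echo shows the angle brackets and quotes replaced by entities, while the validation branch reports an invalid id.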