| SitePoint Sponsor |
Consider below url entered by user:
http://www.xyz.com/index.php?id=0077...lert%28339%29+
1. How to prevent loading JS contents in iframe?
2. Is it possible to prevent url loading if it contains any javascript function?
What are ways to stop this type of cross-site scripting?
Regards,
Nilanjan
htmlentities or htmlspecialchars
Example:
Another thing, make sure you validate ALL input, especially anything that is accessible via a URLPHP Code:<?php echo htmlentities($_GET['id']); ?>
PHP Code:<?php $validateId = (int)$_GET['id'];
echo $validateId; ?>
But how can I prevent execution of any JS function from url?
See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.Originally Posted by neel1979
Posting Permissions
Reply With Quote
Bookmarks