  1. #1 SitePoint Addict (joined Jun 2006, 220 posts)

    Sanitize url in PHP

    Consider the URL below, entered by a user:

    http://www.xyz.com/index.php?id=0077...lert%28339%29+

    1. How can I prevent JS content from loading in an iframe?
    2. Is it possible to prevent the URL from loading if it contains any JavaScript function?

    What are ways to stop this type of cross-site scripting?

    Regards,
    Nilanjan

  2. #2 cpradio, Hosting Team Leader (joined Jun 2002, Ohio, 5,142 posts)
    htmlentities or htmlspecialchars

    Example:
    PHP Code:
    <?php echo htmlentities($_GET['id']); ?>
    Another thing: make sure you validate ALL input, especially anything that is accessible via a URL.
    PHP Code:
    <?php
    // Cast the parameter to an integer so only digits can survive the cast
    $validateId = (int)$_GET['id'];
    echo $validateId;
    ?>

  3. #3 SitePoint Addict (joined Jun 2006, 220 posts)
    But how can I prevent execution of any JS function from a URL?

  4. #4 cpradio, Hosting Team Leader (joined Jun 2002, Ohio, 5,142 posts)
    Quote Originally Posted by neel1979:
        But how can I prevent execution of any JS function from a URL?
    See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.
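The two pieces of advice in this thread (escape on output in posts #2 and #4, validate the id parameter in post #2) combined into one runnable script. This is an added example, not cpradio's code; the function names escapeHtml, requireIntParam and renderPage and the sample inputs are this example's own. It goes slightly beyond the thread in two ways: it passes ENT_QUOTES and an explicit charset to htmlentities so the value is also safe inside a quoted attribute, and it uses filter_var with FILTER_VALIDATE_INT, which rejects a malformed id outright instead of silently truncating it the way a bare (int) cast does.

```php
<?php
// Added example, not from the thread. Demonstrates output escaping plus
// integer validation of a URL parameter. All names below are hypothetical.

declare(strict_types=1);

/**
 * Escape a string for insertion into HTML text or a quoted attribute.
 * ENT_QUOTES also converts ' and " so the value cannot close an attribute;
 * the explicit charset prevents mis-decoding of multibyte input.
 */
function escapeHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Validate that a query parameter is a non-negative integer.
 * FILTER_VALIDATE_INT returns false for "0077<script>..." (and also for
 * leading zeros such as "0077" unless FILTER_FLAG_ALLOW_OCTAL is set),
 * whereas (int)"0077<script>" would quietly become 77.
 */
function requireIntParam(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $result = filter_var($query[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0],
    ]);
    return $result === false ? null : $result;
}

/**
 * Build the page body. The validated integer needs no escaping because it
 * can only contain digits; anything else taken from the request must go
 * through escapeHtml() at the point of output.
 */
function renderPage(array $query): string
{
    $id = requireIntParam($query, 'id');
    if ($id === null) {
        // Unsafe alternative (do NOT do this):  echo $_GET['id'];
        // The raw value is only ever echoed after escaping.
        $raw = isset($query['id']) ? (string) $query['id'] : '';
        return '<p>Invalid id: ' . escapeHtml($raw) . '</p>';
    }
    return '<p>Item ' . $id . '</p>' . "\n"
         . '<a href="index.php?id=' . $id . '">reload</a>';
}

// Constructed sample inputs standing in for $_GET on requests such as
// index.php?id=42 and index.php?id=42<script>alert(1)</script>
$samples = [
    ['id' => '42'],
    ['id' => '42<script>alert(1)</script>'],
    ['id' => 'x" onmouseover="alert(1)'],
];

foreach ($samples as $get) {
    echo "input : " . $get['id'] . "\n";
    echo "output:\n" . renderPage($get) . "\n\n";
}
```

Run it with `php example.php`; the second and third inputs are rejected by the validator and echoed back only as `&lt;script&gt;...` and `&quot;` entities, so the browser renders them as text rather than executing them.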

