Cross site scripting Meta tag issue

Hello everyone,

The below line of code is flagged as being vulnerable to cross-site scripting (XSS):

<meta property="og:url" content="https://www.mysite.com/events/" >

Question:
How do I manually test the page with a real code test?
I already tried it in the URL address bar:

https://www.mysite.com/events/<script>alert(271)</script>

and this test sends the user to my not-found page, which is a good thing.

Second question:
If I change the line of code in question to the below solution, should that solve the problem?

<meta property="og:url" content="<?php $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; echo htmlspecialchars($url); ?>" />

Let me know if I need to be more explicit, plz

Thank you for your help in advance :slight_smile:
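
An added example, not part of the original post: one way to emit the `og:url` value so that nothing from the request can close the attribute or open a tag. It takes the origin from a fixed constant instead of `$_SERVER['HTTP_HOST']` (which is copied from the client's `Host` header) and checks the escaping against constructed request URIs. `CANONICAL_ORIGIN` and `og_url_attr()` are hypothetical names introduced for this example.

```php
<?php
// Added example, not the poster's code. CANONICAL_ORIGIN is a hypothetical
// config constant: the site's own origin, never taken from the request.
const CANONICAL_ORIGIN = 'https://www.mysite.com';

/**
 * Build the og:url value from the fixed origin plus the request path,
 * then escape it for use inside a quoted HTML attribute.
 */
function og_url_attr(string $requestUri): string
{
    // Keep only the path; the query string and fragment are dropped.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '' || $path[0] !== '/') {
        $path = '/'; // unparsable or empty input falls back to the site root
    }
    // ENT_QUOTES escapes both " and ', so the result is safe whichever
    // quote style the surrounding attribute uses.
    return htmlspecialchars(
        CANONICAL_ORIGIN . $path,
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}

// Constructed sample request URIs (values as they would appear in
// $_SERVER['REQUEST_URI'] if sent unencoded).
$samples = [
    '/events/',
    '/events/<script>alert(271)</script>',
    '/events/"><script>alert(271)</script>',
    '/events/?x="><script>alert(271)</script>',
];

foreach ($samples as $uri) {
    $attr = og_url_attr($uri);
    // No raw quote or angle bracket may survive in the attribute value.
    assert(strpbrk($attr, "\"'<>") === false);
    echo '<meta property="og:url" content="' . $attr . '" />', PHP_EOL;
}
```

Viewing the page source (not the rendered page) for each test URL shows whether `"`, `<` and `>` arrive in the `content` attribute as `&quot;`, `&lt;` and `&gt;`.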
