XSS url input

Hello everyone,

The page is flagged as being vulnerable to cross-site scripting (XSS).

When I manually typed it in the URL address bar, I get a popup alert box.

How can I block this type of attack with php code?

https://www.mysite.com/events/?'><script>alert(698)</script>' />

Thank you for your help in advance

Any input should be filtered and validated. If any of it is to be printed to the page, it should be escaped.
So if you are using $_GET to get URL variables, you must decide what values you are willing to accept, number only, text only or just specific characters or words.
How you do that will depend on what type of data you want to accept, but preg_replace can be useful for stripping out unwanted characters.
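
The validate-then-escape approach from the reply above, as an added example that is not part of the original thread. The parameter names `id` and `view`, the allow-list, and the assumption that the page prints the request URL into a quoted HTML attribute are hypothetical; the sample input is constructed from the URL in the question.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or a quoted attribute. ENT_QUOTES covers both
// ' and ", which the payload in the question uses to close the attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept a short run of digits only; anything else is rejected (null).
function get_event_id(array $query): ?int
{
    $raw = $query['id'] ?? null;           // 'id' is a hypothetical parameter
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Accept one of a fixed set of words; fall back to a default otherwise.
function get_view(array $query): string
{
    $allowed = ['list', 'calendar'];       // hypothetical allow-list
    $raw = $query['view'] ?? '';
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : 'list';
}

// Constructed sample input standing in for $_GET and $_SERVER['REQUEST_URI'].
$payload = "'><script>alert(698)</script>' />";
$query   = [$payload => '', 'id' => '42', 'view' => '<b>x</b>'];
$uri     = '/events/?' . $payload;

$id   = get_event_id($query);              // valid digits are accepted
$view = get_view($query);                  // unknown value falls back to 'list'

// Rebuild links from validated values instead of echoing the raw URL.
$self = '/events/?' . http_build_query(['id' => $id, 'view' => $view]);

echo "<form action='" . e($self) . "' method='get'></form>\n";
// If the raw URI must be shown, escape it at the point of output.
echo "<p>You requested: " . e($uri) . "</p>\n";
```

In a real page, pass `$_GET` to the two validators and `$_SERVER['REQUEST_URI']` to `e()` in place of the constructed values.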
