Vulnerability Development mailing list archives
Preventing CSS in PHP...
From: alrferreira () carol com br
Date: Thu, 2 May 2002 16:40:00 -0300
Much has been said about Cross Site Scripting holes. Happily, the PHP language supplies the programmer with a great function to prevent this from happening, called HTMLSpecialChars. It only needs a string argument to work:

    $String = "<b>Hello Word</b>";
    $String = HTMLSpecialChars($String);

In the example above, if the variable were displayed later, the text would not appear in boldface. This function converts all HTML tags into the literal text that we want to show, and in doing so it prevents any inserted tag from being interpreted by the browser as HTML. It also prevents any script that has been inserted in a text box from being run...

Sorry for my English...

André Luiz Rodrigues Ferreira
alrferreira () carol com br - http://freecode.linuxsecurity.com.br
"Not necessary to ask for license to have freedom..."
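The following is an added example, not part of the original post: it applies htmlspecialchars() at output time to a value placed in element content and in a quoted attribute, and compares the ENT_COMPAT and ENT_QUOTES flag sets. The names e() and render_comment() and the sample strings are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helper: escape a value for HTML element content or for a
// quoted attribute value. It is not suitable for URL, CSS or JavaScript contexts.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ' so either attribute quoting style is safe.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
    // The charset is stated explicitly so the result does not depend on php.ini.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: echoes a submitted name and comment back into a page.
// Escaping happens here, at output, so stored data stays unmodified and is
// never escaped twice.
function render_comment(string $name, string $comment): string
{
    return '<div class="comment">' . "\n"
        . '  <input type="text" name="name" value="' . e($name) . '">' . "\n"
        . '  <p>' . e($comment) . '</p>' . "\n"
        . '</div>' . "\n";
}

// Constructed sample input, standing in for values read from $_POST.
$name    = 'Ann "the editor" O\'Neil';
$comment = '<b>Hello Word</b> <script>alert(1)</script>';

// The markup in $comment is shown as literal text, and the quotes in $name
// cannot terminate the value="..." attribute.
echo render_comment($name, $comment);

// Flag comparison on the same name: ENT_COMPAT leaves the single quote as it
// is, which matters when a template quotes attributes with '...'.
echo 'ENT_COMPAT: ', htmlspecialchars($name, ENT_COMPAT, 'UTF-8'), "\n";
echo 'ENT_QUOTES: ', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";

// Invalid UTF-8 (constructed): without ENT_SUBSTITUTE the result is an empty
// string; with it, the bad byte becomes U+FFFD and the rest is kept.
$broken = "caf\xE9 <i>menu</i>";
var_dump(htmlspecialchars($broken, ENT_QUOTES, 'UTF-8') === '');
echo e($broken), "\n";
```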