开发者

anti-hackers coding(anti XSS coding behaviors)?

问答 作者:

i am into php coding for 1 year now. i don't know everything or consider myself professional.but i want to write clean hacker proof coding. i tried to research for example how to stop XSS attacks.but it seems that there is a l开发者_运维知识库ot of expressions and a lot of vulnerabilities. i tried htmlawed and html purifiers. but not every simple form or script i write will need heavy script to make it secure. so what i need is : is there a coding style that i can follow that make my coding secure?

Basically, to avoid XSS, you have to make sure no HTML can be injected by the users into the HTML output of your page.

The simplest way of doing that is to use functions such as htmlspecialchars() on any output that goes to the browser as HTML.


This means that, if anyone inputs something like this (simple example) :

<script>alert('plop');</script>

The HTML of your page will contain :

&lt;script&gt;alert('plop');&lt;/script&gt;

And no HTML / Javascript code that could be interpreted.

继续阅读:coding-stylephpsecurityxss

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9