How to know, from what site server is getting request?
How i can avoid cross-site-scripting, by knowing, f开发者_StackOverflowrom what site user is requesting data?
How i can avoid cross-site-scripting
You can't avoid cross-site-scripting by knowing from what site a user is requesting data.
You can avoid cross-site-scripting by properly escaping.
$_SERVER['HTTP_REFERER']
should contain the URL from which the request originates from.
EDIT: If you are actually trying to prevent XSS then it's mostly down to having to make sure you use htmlentities() everywhere you print unfiltered user data, and should really be using it on pretty much all data you print that isn't meant to be viewed as raw HTML.
Although there are bunch of considerations when writing PHP code as well, but they are far too many to discuss here without any pointers.
I am not sure whether knowing the referrer URL will work for you but
And most of the time, XSS attacks came from an input or data that are not well filtered or cleaned before showing it to a browser, like cookies/sessions.
Please read the article below which teaches a library to prevent XSS attacks.
Link: http://oozman.com/php-tutorials/avoid-cross-site-scripting-attacks-in-php/
Use $_SERVER["HTTP_REFERER"]
, but see the responses to this question.
in $_SERVER array in base case this is $_SERVER['HTTP_REFERER'] - but if user go to your site from js method like document.location.href = 'yoursite.com'. IE (test on IE7) does not sent to you information about referer through security reason.
精彩评论