PHP
nes, 2011-10-01 07:55:51

XSS Protection

Hello cheaters!
Please tell me how effective this method of protection against XSS will be, and what can be done to improve its effectiveness? I am currently defending myself like this:

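function xss($var){
  if(is_array($var)) {
    $new = array(); // initialise so an empty array returns array(), not null
    foreach($var as $k=>$v)
      $new[$k] = xss($v); // recurse into nested arrays
    return $new;
  }
  // strip tags, then convert the remaining special characters to HTML entities
  return htmlspecialchars(strip_tags($var));
}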

I.e., I cut out the tags and convert everything superfluous into HTML entities, but I have a strong suspicion that not everything is so easy and simple.

2 answer(s)
Vitaly Zheltyakov, 2011-10-01
@nes

Everything is so easy and simple. But you need to make sure that all the data coming from the user is run through this function.
P.S. This solution has one drawback - there may be problems with encodings when passing arrays. Pay attention to this.

AlexeyK, 2011-10-01
@AlexeyK

array_map/array_map_recursive
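
An added example, not part of the thread or of anyone's answer: it runs the question's function (with the 2011-era default flag ENT_COMPAT written out) beside an output-time encoder that uses ENT_QUOTES | ENT_SUBSTITUTE, on constructed values that expose three gaps: single quotes left unencoded, text lost by strip_tags after a bare "<", and strings blanked by an invalid byte sequence. The names xss_as_posted, e and e_deep are hypothetical, and the page is assumed to be served as UTF-8.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// The question's function, with the flag that was the default in 2011
// (ENT_COMPAT) made explicit so it behaves the same on any PHP version.
function xss_as_posted($var) {
    if (is_array($var)) {
        return array_map('xss_as_posted', $var); // keys are preserved
    }
    return htmlspecialchars(strip_tags($var), ENT_COMPAT, 'UTF-8');
}

// Output-time encoder: no strip_tags, both quote styles encoded, and
// invalid byte sequences replaced with U+FFFD instead of blanking the string.
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Recursive variant for arrays of values that are about to be rendered.
function e_deep($value) {
    return is_array($value) ? array_map('e_deep', $value) : e($value);
}

// Constructed sample values.
$samples = array(
    'quote'    => "O'Brien",            // breaks out of value='...' if not encoded
    'math'     => 'x<y is true',        // bare "<" that is not a tag
    'bad_utf8' => "caf\xE9 latte",      // ISO-8859-1 byte on a UTF-8 page
    'nested'   => array('tag' => '<b>bold</b> text'),
);

$json = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE;
foreach ($samples as $name => $raw) {
    echo $name, "\n";
    echo '  as posted: ', json_encode(xss_as_posted($raw), $json), "\n";
    echo '  e_deep   : ', json_encode(e_deep($raw), $json), "\n";
}
```

Apply the encoder at the point where a value is written into HTML and keep the stored input unchanged; values placed into JavaScript, URLs or CSS need encoders for those contexts.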
