Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
nes2011-10-01 07:55:51
PHP
nes, 2011-10-01 07:55:51

XSS Protection

Hello cheaters!
Please tell me how effective this method of protection against XSS will be, and what can be done to improve its effectiveness?I am currently defending myself like this:

function xss($var){
  if(is_array($var)) {
    foreach($var as $k=>$v)
      $new[$k] = xss($v);
    return $new;
  }
  return htmlspecialchars(strip_tags($var));
}

those. I cut out the tags and convert everything superfluous into html entities, but I have a strong suspicion that not everything is so easy and simple.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vitaly Zheltyakov, 2011-10-01
@nes

Everything is so easy and simple. But you need to make sure that all the data coming from the user is run through this function.
ps
This solution has one drawback - there may be problems with encodings when passing arrays. Pay attention to this.

Report
A
AlexeyK, 2011-10-01
@AlexeyK

array_map/array_map_recursive

Similar questions
A
Aibot922021-04-09 16:05:43
How to stop "listening" to bot.*_handler? 2Reply
D
Dagtor2015-05-15 14:02:52
What book, website or video course can you offer a beginner to learn SQL? 11Reply
N
Nikolay2017-05-04 14:00:30
How to build a chain of calls to a static function? 3Reply
P
podde2019-10-07 17:31:28
How to create an automatic signature in Service desk? 3Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question