Категории

Prevent XSS Attacks. Escape Strings in PHP

Опубликовано: 18 Июнь 2015
на канале: John Morris
37,795
305

Here's the special discount link for Rob's course:
http://www.johnmorrisonline.com/coupo...

Get the source code in the Code Snippets section here:
http://www.johnmorrisonline.com/web-d...

Training Center:
http://www.johnmorrisonline.com/training

Subscribe on YouTube:
   / johnmorrisonline  

Subscribe on SoundCloud:
  / johnmorrisonline  

Subscribe on iTunes:
http://goo.gl/RggnXW

What Is XSS?

XSS stands for cross-site scripting and it refers to a type of attack where a hacker injects malicious client-side code into the output of your page.

Applications that don't escape their output are vulnerable to this type of attack.

XSS Example

A simple example is a blog comment. If not properly escaped, an attacker could enter (for example) JavaScript code into the blog comment.

That code would be stored in the database, output to the page when loaded, and because it's not escaped... render and run.

Thus, the attacker would have the full range of JavaScript capabilities to attack you and your site visitors.

How to Prevent XSS Attacks

As illustrated in the video above, you prevent XSS attacks by escaping your output using htmlspecialchars() or htmlentities().

Both PHP functions convert problematic characters into HTML entities causing the injected code to be output harmlessly and not rendered.

htmlentities vs htmlspecialchars

Both will prevent XSS attacks. The difference is in the characters each encodes. htmlentities will encode ANY character that has an HTML entity equivalent.

htmlspecialchars ONLY encodes a small set of the most problematic characters.

It's generally recommended to us htmlspecialchars because htmlentities can cause display problems with your text depending on characters are being output.

Think of htmlspecialchars as a scalpel and htmlentities as a hammer. Both can solve the problem... one is just a little more precise.

~-~~-~~~-~~-~
Please watch: "Ryan Carson: How to Get an IT Job WITHOUT a College Degree"
   • Ryan Carson: How to Get an IT Job WIT...  
~-~~-~~~-~~-~
#php #webdev

Смотрите видео Prevent XSS Attacks. Escape Strings in PHP онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь John Morris 18 Июнь 2015, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 37,795 раз и оно понравилось 305 людям.

play_arrow
394
15

New stock new look new outfit

New stock new look new outfit
play_arrow
188
9

drawing Batman using python turtle

drawing Batman using python turtle

play_arrow
3,238
46

00:00:00

FILTERIA - Flanger Saucer remix

FILTERIA - Flanger Saucer remix
play_arrow
39
0

Season of Colors

Season of Colors
play_arrow
232
4

Halal Food in Calgary Canada | Ramadan Iftar Buffet Options Calgary | Halal Food Restaurant Review

Halal Food in Calgary Canada | Ramadan Iftar Buffet Options Calgary | Halal Food Restaurant Review
play_arrow
85
4

(FREE) Bossman Dlow Type Beat -

(FREE) Bossman Dlow Type Beat - "OBAMA RUNTZ"
play_arrow
78,477
492

How to All Problem of Web Camera (Not Working, Crashing, Another App Using Camera)

How to All Problem of Web Camera (Not Working, Crashing, Another App Using Camera)
play_arrow
1,289
5

Скорише продакшн | Showreel 2022

Скорише продакшн | Showreel 2022
Похожие видео
play_arrow
How hard is it to learn HTML?

How hard is it to learn HTML?
play_arrow
Can I get a job just knowing HTML and CSS?

Can I get a job just knowing HTML and CSS?
play_arrow
Is it still worth learning HTML and CSS in 2023?

Is it still worth learning HTML and CSS in 2023?
play_arrow
How do I teach myself HTML?

How do I teach myself HTML?
play_arrow
Complete HTML Tutorial for Beginners | Launch Your Web Development Career

Complete HTML Tutorial for Beginners | Launch Your Web Development Career
play_arrow
11 silly things you should NOT do on Upwork

11 silly things you should NOT do on Upwork
play_arrow
Will you know if your proposal is declined on Upwork?

Will you know if your proposal is declined on Upwork?
play_arrow
A stupid obvious way to get good reviews on Upwork

A stupid obvious way to get good reviews on Upwork
play_arrow
The disturbing downsides of Upwork

The disturbing downsides of Upwork
play_arrow
Hacks for beginners to get clients on Upwork

Hacks for beginners to get clients on Upwork
play_arrow
How to get noticed on Upwork

How to get noticed on Upwork
play_arrow
Is it bad to decline an offer on Upwork?

Is it bad to decline an offer on Upwork?
play_arrow
The best time to submit proposals on Upwork

The best time to submit proposals on Upwork
play_arrow
Does boosting your proposal on Upwork help

Does boosting your proposal on Upwork help
play_arrow
Why your proposals get rejected on Upwork

Why your proposals get rejected on Upwork
play_arrow
How long a proposal should be on Upwork

How long a proposal should be on Upwork
play_arrow
Get your first proposal accepted on Upwork

Get your first proposal accepted on Upwork
play_arrow
How to write a good proposal on Upwork

How to write a good proposal on Upwork
play_arrow
How many proposals you should send on Upwork per day

How many proposals you should send on Upwork per day
play_arrow
What clients actually want to hear in Upwork proposals

What clients actually want to hear in Upwork proposals
play_arrow
Upwork proposals clients actually read

Upwork proposals clients actually read
play_arrow
How Upwork ranks proposals. Yes, PROPOSALS!

How Upwork ranks proposals. Yes, PROPOSALS!
play_arrow
ChatGPT is coming for developers 😡

ChatGPT is coming for developers 😡
play_arrow
The dumbest Upwork proposal mistake

The dumbest Upwork proposal mistake