Jonah0037 Posted January 18, 2020 Report Posted January 18, 2020 Hello, Recently, we have had a few people attempt to XSS our site to prevent usage, and what is happening is they are running scripts on our site with script tags that are being inputted in the Registration page. We've been trying to figure out how we can escape or sanitize these inputs to essentially remove the scripts tag(s), so the code won't run. Any ideas or thoughts would be greatly appreciated! Quote
Administrators ProAvia Posted January 18, 2020 Administrators Report Posted January 18, 2020 Have a look at this link: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know Or Goggle... preventing cross site scripting in php Quote
Jonah0037 Posted January 19, 2020 Author Report Posted January 19, 2020 (edited) 11 hours ago, ProAvia said: Have a look at this link: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know Or Goggle... preventing cross site scripting in php Thanks! Currently, we're attempting to implement CSP (Content Security Policy) to prevent inline javascript from running, so we're hopeful this will solve our issue. Edited January 19, 2020 by Jonah0037 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.