Jonah0037 Posted January 18, 2020 Report Share Posted January 18, 2020 Hello, Recently, we have had a few people attempt to XSS our site to prevent usage, and what is happening is they are running scripts on our site with script tags that are being inputted in the Registration page. We've been trying to figure out how we can escape or sanitize these inputs to essentially remove the scripts tag(s), so the code won't run. Any ideas or thoughts would be greatly appreciated! Quote Link to comment Share on other sites More sharing options...
Administrators ProAvia Posted January 18, 2020 Administrators Report Share Posted January 18, 2020 Have a look at this link: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know Or Goggle... preventing cross site scripting in php Quote Link to comment Share on other sites More sharing options...
Jonah0037 Posted January 19, 2020 Author Report Share Posted January 19, 2020 (edited) 11 hours ago, ProAvia said: Have a look at this link: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know Or Goggle... preventing cross site scripting in php Thanks! Currently, we're attempting to implement CSP (Content Security Policy) to prevent inline javascript from running, so we're hopeful this will solve our issue. Edited January 19, 2020 by Jonah0037 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.