And I believe everyone in Techwyse knows how bad XSS can be.
Attackers usually smuggle markup or script into a page through special characters such as <, >, quotes and &, and stripping or encoding those characters before they reach the page is one line of defence.
The Open Web Application Security Project (OWASP) has a project for this purpose.
At present the project offers an include file that can be used to "sanitize" the content of dynamic pages.
Sanitizing works like this: the functions are called on untrusted input, remove the special characters, and return the value as a predetermined type (int, float, string, alphanumeric, etc.).
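As an added example (not the OWASP include file the post refers to, whose function names the post does not show), here is a small set of PHP filters of the kind described above, each keeping only the characters valid for its declared type, alongside output encoding with htmlspecialchars, which is the more reliable defence when untrusted text is rendered inside HTML. The function names and the sample inputs are this example's own.

```php
<?php
// Added example: hypothetical sanitising filters in the spirit of the OWASP
// include file described above, not that file's own API. Sample inputs below
// are constructed to look like typical XSS payloads.

declare(strict_types=1);

/** Keep only digits and a minus sign, then validate; null if nothing sane remains. */
function sanitize_int(string $raw): ?int
{
    $clean  = preg_replace('/[^0-9-]/', '', $raw) ?? '';
    $result = filter_var($clean, FILTER_VALIDATE_INT);
    return $result === false ? null : $result;
}

/** Keep digits, minus sign and decimal point, then validate as a float. */
function sanitize_float(string $raw): ?float
{
    $clean  = preg_replace('/[^0-9.\-]/', '', $raw) ?? '';
    $result = filter_var($clean, FILTER_VALIDATE_FLOAT);
    return $result === false ? null : $result;
}

/** Strip everything except ASCII letters and digits. */
function sanitize_alnum(string $raw): string
{
    return preg_replace('/[^A-Za-z0-9]/', '', $raw) ?? '';
}

/** The coarse "strip" approach: drop the characters that matter in an HTML context. */
function sanitize_string(string $raw): string
{
    return preg_replace('/[<>"\'&]/', '', $raw) ?? '';
}

/** Encode rather than strip: safe for HTML element and quoted attribute content. */
function encode_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input, as an attacker might send it in a query string.
$input = [
    'id'      => '42<script>alert(1)</script>',
    'price'   => '19.99";alert(1)//',
    'user'    => 'bob<img src=x onerror=alert(1)>',
    'comment' => '<b>hi</b> "there" & <script>',
];

// Note that stripping is lossy: the digit inside alert(1) survives and is
// glued onto the number, so the "sanitized" id is not the 42 the user sent.
// Rejecting input that fails validation is usually the better choice for
// typed fields; encoding at output time is the better choice for free text.
printf("id      => %s\n", var_export(sanitize_int($input['id']), true));
printf("price   => %s\n", var_export(sanitize_float($input['price']), true));
printf("user    => %s\n", sanitize_alnum($input['user']));
printf("comment => %s\n", sanitize_string($input['comment']));
printf("encoded => %s\n", encode_html($input['comment']));
```

Run it with `php sanitize_example.php` and compare the stripped comment with the encoded one: stripping loses the user's text, while encoding keeps it intact and still inert in the browser. Encoding must match the output context; htmlspecialchars is right for HTML body and attribute values but not for JavaScript strings, URLs or CSS, which need their own escaping.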
The file can be downloaded here
PHP guys, go sanitise your code.
