Prevent CakePHP App From XSS Attacks - CyberNetikz

To understand an XSS attack, I will show a simple example. Create a PHP page that displays user-posted data, like this:

<form action="" method="post">
<input type="text" name="msg" />
<input type="submit" value="submit" />
</form>
<?php
// Echoes the posted text without escaping; this is the vulnerable
// behaviour the example is meant to demonstrate.
if (!empty($_POST['msg'])) {
    echo $_POST['msg'];
}
?>

Posting this as the message makes the page execute it and redirect:

<script type='text/javascript'>top.location.href="google.com"</script>

In CakePHP the posted data can be cleaned with the Sanitize utility:

App::uses('Sanitize', 'Utility'); // CakePHP 2.x; CakePHP 1.3 uses App::import('Sanitize')
$this->data = Sanitize::clean($this->data, array('dollar' => true, 'carriage' => true, 'encode' => true, 'remove_html' => true));

There is one drawback to using the code shown here: you have to use html_entity_decode.
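As an added example (not the blog's own code), the unescaped echo from the page beside an output-escaped version, plus the html_entity_decode step the drawback above refers to; the function names are mine and the payload is the one shown on the page.

```php
<?php
// Added example, not code from the CyberNetikz post.
// Constructed input: the exact payload the post uses.
$payload = '<script type=\'text/javascript\'>top.location.href="google.com"</script>';

// Vulnerable: user-controlled text is placed straight into the HTML body,
// so the browser parses and runs the script tag.
function renderUnsafe(string $msg): string
{
    return '<p>' . $msg . '</p>';
}

// Hardened: escape at output time for the HTML body context. CakePHP's
// h() view helper wraps htmlspecialchars() in the same way, so escaping
// in the view does not require changing the stored data at all.
function renderSafe(string $msg): string
{
    return '<p>' . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Why the post's Sanitize::clean(..., 'encode' => true) needs a decode step:
// 'encode' stores the text already HTML-encoded, so before it is edited or
// escaped again it must be decoded, otherwise "&" becomes "&amp;amp;".
function decodeStored(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

// Stored form of "A & B" as the encode option would save it (constructed).
$stored = htmlspecialchars('A & B', ENT_QUOTES, 'UTF-8');

echo renderUnsafe($payload), PHP_EOL;
echo renderSafe($payload), PHP_EOL;
echo renderSafe(decodeStored($stored)), PHP_EOL;
```

Run it with `php example.php` and compare the first two lines: only the escaped one arrives at the browser as visible text rather than a script element.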