8

Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site

I need to prevent XSS attacks in PHP code, is there nay good and easy library for this?

Community
  • 1
  • 1
newbie
  • 23,730
  • 77
  • 197
  • 300

5 Answers5

11

Security is not a product. It's a process.

If you rely on a library for security you're doomed to being attacked one time or another.

Anyway, you could sanitize your inputs with standard php functions (i.e. htmlspecialchars())

Federico klez Culloca
  • 24,336
  • 15
  • 57
  • 93
4

There are lots of PHP functions that can assist you in preventing XSS attacks. Take a look at these:

strip_tags

http://php.net/manual/en/function.strip-tags.php

htmlspecialchars

http://php.net/manual/en/function.htmlspecialchars.php

Finbarr
  • 29,870
  • 12
  • 61
  • 93
  • htmlentities is better to be removed from the list. as this function is obsolete and dirty – Your Common Sense Apr 16 '10 at 10:38
  • Such a torrent of dirty functionality that it is hard to keep up with what is actually usable in PHP. – Finbarr Apr 16 '10 at 11:59
  • Um, what? htmlentities is alive and well, and usually preferrable to htmlspecialchars http://php.net/manual/en/function.htmlentities.php – Kzqai Feb 26 '13 at 21:59
1

Theres alot of good answers on google, first one I found; http://codeassembly.com/How-to-sanitize-your-php-input/

My main advice would be to consider every input as a direct attack.

So convert to html characters. Add slashes.

azz0r
  • 3,272
  • 7
  • 40
  • 82
0

http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Ivan
  • 1
-2

htmlspecialchars()

Your Common Sense
  • 154,967
  • 38
  • 205
  • 325