Posted by Erwin Moller on 01/24/08 11:05
Hi all,
Question: If I use htmlentities($orginalString,ENT_QUOTES) everywhere I
output anything to the browser that originated from user input, will an
XSS attack be possible?
I think not, but I found a lot of different ways to XSS related on the
net (like DNS rebinding: http://en.wikipedia.org/wiki/DNS_rebinding).
As far as I can see DNS-rebinding is useless as long as the JavaScript
will not be executed.
Is htmlentities enough?
Should I also use the third parameter for htmlentities (charset)?
What do you do to protect your sites against XSS?
Regards,
Erwin Moller
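An added example (not from the original post or its author) showing the two points the question raises: the `ENT_QUOTES` and charset arguments to `htmlentities()`, and the output contexts where `htmlentities()` alone is not sufficient. The helper names `e()` and `safe_href()` and the sample input are assumptions constructed for this illustration.

```php
<?php
// Added example, not code from the original post. Helper names and the
// sample input below are constructed for illustration.

declare(strict_types=1);

// Encode user data for an HTML text node or a QUOTED attribute value.
// ENT_QUOTES encodes both " and ', so the value cannot terminate a quoted
// attribute. The explicit charset must match the page's declared charset;
// if it does not, multibyte input may be mis-decoded, and on PHP >= 5.4
// an invalid byte sequence makes htmlentities() return an empty string.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Contexts htmlentities() does NOT cover on its own:
//  - unquoted attribute values (space and '=' are not encoded)
//  - URL attributes such as href/src (the URL scheme is plain text to it)
//  - inline JavaScript or CSS (different escaping rules entirely)
// Mitigation: always quote attributes, and allow-list URL schemes.
function safe_href(string $url): string
{
    $scheme = strtolower((string) (parse_url($url)['scheme'] ?? ''));
    $isRelative = ($scheme === '' && isset($url[0]) && $url[0] === '/');
    if (!$isRelative && $scheme !== 'http' && $scheme !== 'https') {
        return '#'; // rejects javascript:, data: and any other scheme
    }
    return e($url);
}

// Constructed sample of hostile-looking user data.
$input = '"><script>alert(1)</script> \' onmouseover=x';

// Safe: text node and quoted attribute value.
echo '<p>' . e($input) . "</p>\n";
echo '<input value="' . e($input) . "\">\n";

// NOT safe even with htmlentities(): an unquoted attribute value ends at
// the first space, so the rest of the input becomes new attributes.
echo '<input value=' . e($input) . ">  <!-- do not do this -->\n";

// URL context: encoding alone keeps a hostile scheme intact, so the
// scheme check in safe_href() is what actually neutralises it.
echo '<a href="' . safe_href('javascript:alert(1)') . "\">link</a>\n";
echo '<a href="' . safe_href('https://example.org/?q=' . rawurlencode($input)) . "\">link</a>\n";
```

Run it and inspect the rendered HTML source: the first two lines contain only entities, the unquoted line shows how the input splits into extra attributes, and the first link collapses to `#`.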