Vulnerability Development
mailing list archives
Preventing CSS in PHP...
From: alrferreira () carol com br
Date: Thu, 2 May 2002 16:40:00 -0300
Much has been said about Cross Site Scripting holes.

Happily, the PHP language supplies the programmer with a great function to
prevent this from happening, called HTMLSpecialChars. It only needs a
string argument:

    $String = "<b>Hello Word</b>";
    $String = HTMLSpecialChars($String);

In the example above, if the variable were shown later, the text would not
appear in boldface. This function converts all HTML tags into the literal text
that we want to show, and in doing so it prevents any of the inserted tags
from being interpreted by the browser as HTML.
It also prevents any script that has been inserted in a text box
from being run...

Sorry for my English...
André Luiz Rodrigues Ferreira
alrferreira () carol com br - http://freecode.linuxsecurity.com.br
"Not necessary to ask for license to have freedom..."
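
An added example, not part of the original post: the same function used for both an element body and a quoted attribute value, with the quote-handling flag set explicitly because htmlspecialchars() did not convert single quotes by default before PHP 8.1. The helper name escape_html() and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical helper (name chosen for this example): escape untrusted text
// for HTML element bodies and quoted attribute values.
// ENT_QUOTES converts both ' and "; ENT_SUBSTITUTE replaces invalid byte
// sequences with U+FFFD instead of making the function return "".
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for data taken from a request.
$comment = '<b>Hello Word</b><script>alert(1)</script>';
$name    = "x' onmouseover='alert(1)";

// Element context: the markup is shown as text, not parsed as tags.
echo '<p>' . escape_html($comment) . "</p>\n";

// Attribute context with single-quoted attributes: the value stays inside
// the attribute only because ' is converted to &#039;.
echo "<input type='text' value='" . escape_html($name) . "'>\n";

// The same value with ENT_COMPAT (the default before PHP 8.1): < > & "
// are converted, but the single quote is left as-is, so the value can end
// a single-quoted attribute early. Shown here only for comparison.
echo "ENT_COMPAT: " . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "\n";
echo "ENT_QUOTES: " . escape_html($name) . "\n";
```

The function covers text placed in element bodies and quoted attribute values; values written into URLs, script blocks or unquoted attributes need handling specific to those contexts.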