XSS attacks on location window
Posted: Sat Sep 13, 2014 1:20 pm
Hello,again members of the PHP Technorati. I come to you with a question concerning cross site scripting attacks using the browser's location window. I have script and I wish to know how I would sanitize any scripting attack that uses the location window:
So, could I use Filter_input anywhere or any other technique to sanitize incoming page requests with malicious code?
Thanks in advance.
Batoe
Code: Select all
<?php
$page_files=array( 'about'=>'about.html',
'photos'=>'photos.html',
'contact'=>'contact.html',
'home'=>'home.html'
);
if (in_array($_GET['page'],array_keys($page_files))) {
include $page_files[$_GET['page']];
} else {
include $page_files['home'];
}
?>
Thanks in advance.
Batoe