Re: I need your opinion regarding 3 security functions...

Posted: Sun Feb 14, 2010 8:33 am
by Rippe
Hi all,
this looks bad....

Code:

echo htmlspecialchars('<script name="javascript">alert("XSS");</script>');

If you use htmlspecialchars or htmlentities, don't forget to set the charset and the right mode.

Code:

echo htmlspecialchars('<script name="javascript">alert("XSS");</script>', ENT_QUOTES, 'UTF-8');

Kind Regards

Rippe
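
An added example, not part of Rippe's post: it compares the output of htmlspecialchars with ENT_COMPAT against a call that sets the mode and charset explicitly, on constructed inputs. The helper name escape_html() is hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example; escape_html() is a hypothetical helper name.
// Pass the flags and charset explicitly: the defaults changed between PHP
// versions (ENT_COMPAT and ISO-8859-1 before 5.4; ENT_QUOTES since 8.1).
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both " and '.
    // ENT_SUBSTITUTE replaces invalid byte sequences with U+FFFD instead of
    // making the whole call return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'script tag'    => '<script name="javascript">alert("XSS");</script>',
    'single quote'  => "it's a 'quoted' value",
    'invalid UTF-8' => "caf\xE9 <b>", // ISO-8859-1 byte, not valid UTF-8
];

foreach ($samples as $label => $raw) {
    // ENT_COMPAT leaves ' untouched and returns '' on invalid UTF-8.
    $compat = htmlspecialchars($raw, ENT_COMPAT, 'UTF-8');
    $strict = escape_html($raw);

    printf(
        "%s\n  ENT_COMPAT : %s\n  escape_html: %s\n",
        $label,
        var_export($compat, true),
        var_export($strict, true)
    );
}

// In a single-quoted attribute the value stays inside the attribute only
// when ' is encoded, which is what ENT_QUOTES guarantees.
echo "<input type='text' value='", escape_html($samples['single quote']), "'>\n";
```

The 'invalid UTF-8' row shows why the charset argument has to match the actual encoding of the data: without ENT_SUBSTITUTE a single bad byte silently empties the output.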