Re: I need your opinion regarding 3 security functions...
Posted: Sun Feb 14, 2010 8:33 am
Hi all,
this looks bad....
If you use htmlspecialchars or htmlentities, don't forget to set the charset and the right mode.
Kind Regards
Rippe
Code:
echo htmlspecialchars('<script name="javascript">alert("XSS");</script>');
Code:
echo htmlspecialchars('<script name="javascript">alert("XSS");</script>', ENT_QUOTES, 'UTF-8');
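An added example, not part of Rippe's post, showing what the mode and charset arguments of htmlspecialchars change in practice. The helper name `e()` is hypothetical and the sample strings are constructed.

```php
<?php
// Added example, not code from the original post.
// e() is a hypothetical helper name; all sample inputs are constructed.

/** Escape a value for HTML text or a quoted attribute, with mode and charset explicit. */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and '.
    // ENT_SUBSTITUTE replaces invalid byte sequences with U+FFFD
    // instead of making the call return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample containing both quote styles and markup characters.
$name = "O'Reilly \"<b>\"";

// Mode: ENT_COMPAT escapes " but leaves ' untouched, so the value would
// end a single-quoted attribute such as <input value='...'> early.
$compat = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
$quotes = e($name);

echo "ENT_COMPAT: ", $compat, "\n";
echo "ENT_QUOTES: ", $quotes, "\n";
echo "literal ' left by ENT_COMPAT: ", var_export(strpos($compat, "'") !== false, true), "\n";
echo "literal ' left by ENT_QUOTES: ", var_export(strpos($quotes, "'") !== false, true), "\n";

// Charset: the byte 0xE9 is "é" in ISO-8859-1 but not a valid UTF-8 sequence.
$latin1 = "caf\xE9";

// Declared as UTF-8 without ENT_SUBSTITUTE: the invalid input is rejected.
$strict = htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8');

// Declared as UTF-8 with ENT_SUBSTITUTE: the bad byte becomes U+FFFD.
$substituted = e($latin1);

// Declared with the charset the bytes are actually in: passed through.
$matching = htmlspecialchars($latin1, ENT_QUOTES, 'ISO-8859-1');

echo "strict UTF-8 length:  ", strlen($strict), "\n";
echo "substituted is U+FFFD: ", var_export($substituted === "caf\u{FFFD}", true), "\n";
echo "ISO-8859-1 unchanged:  ", var_export($matching === $latin1, true), "\n";
```

Since PHP 8.1 the default flags are `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`; earlier versions default to `ENT_COMPAT`, so passing both arguments explicitly keeps the behaviour the same across versions.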