Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

Summary

We began this chapter on how to keep your users' data safe from cross-site scripting exploits by describing exactly what XSS is and how it works. We listed the various kinds of scripting that might be involved, categorized the two varieties of such scripting, and discussed each of a long list of possible XSS techniques.

We then turned to techniques for preventing XSS. After a discussion of why SSL connections do nothing to help this effort, we described various strategies for handling user input:

Encoding HTML entities (in input not expected to have HTML content)
Sanitizing URIs
Filtering for known XSS exploit attempts
Isolating sensitive activity in private APIs
Predicting users' next actions

We then provided a suggestion for testing ...

Get Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition by Chris Snyder, Michael Southwell, Thomas Myer

Summary

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly