Test for Protection Against XSS Abuse
As we have discussed in previous chapters, an important part of keeping your scripts secure is testing them for possible vulnerabilities.
In other chapters, we have created sample tests for you to build on. In this case, however, there already exists an open source sanitizing routine and a built-in test facility; that is the Safe_Html project, at http://chxo.com/scripts/safe_html-test.php, which we referred to previously. There is no point to duplicating what is available there, and so we recommend that you consider building that into your applications, or at least using it as a guide toward developing your own solutions.
Any filters that you develop should be tested using at least all the inputs at http://ha.ckers.org/xss.html ...
Get Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
