Women in Technology

Hear us Roar


Article:
  Autofilled PHP Forms
Subject:   Cross-site-scripting (XSS) security hole...
Date:   2006-03-25 04:58:32
From:   GavinAndresen
There's a security hole in the short example: $_SERVER['PHP_SELF'] should be htmlspecialchars($_SERVER['PHP_SELF']) to prevent cross-site-scripting attackes.


I've updated the examples in the .zip file. A good description of the attack can be found at:
http://blog.phpdoc.info/archives/13-XSS-Woes.html

Recommended for You
 
Sign up today to receive special discounts,
product alerts, and news from O'Reilly.
Privacy Policy >
View Sample Newsletter >