bruce wrote:
> I'm confused!!!! regarding XSS. Cross-Site Scripting appears to be due to somehow allowing a user to insert 'html'/data/etc into the URL that you as the app are expecting? Is this correct?

An XSS vulnerability exists whenever you output tainted data. For example, if a user can submit data to your application, and you use this data in an echo statement without filtering it (or escaping it, as Jasper noted), you have an XSS vulnerability.

Here's an example:

    echo $_GET['username'];

Here's another example:

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">

> Wouldn't this be easy enough to solve in most cases, if the app did the proper validation/data checking?

Yes, but the more important point is to escape output. If you have data that you want to display in HTML without it being interpreted as HTML, use something like htmlentities() to escape it.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
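
Added example, not part of the original message: the two patterns quoted above rendered once as-is and once with htmlentities() applied at output time. The helper names e(), render_raw() and render_escaped() and the request values are constructed for illustration.

```php
<?php
// Added example, not from the original message. All inputs are constructed.

// Escape a value for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside attributes.
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// The two patterns from the message, output without escaping (vulnerable).
function render_raw(array $get, array $server): string
{
    return '<p>Hello ' . $get['username'] . "</p>\n"
         . '<form action="' . $server['PHP_SELF'] . '" method="POST"></form>';
}

// The same template with every tainted value escaped when it is output.
function render_escaped(array $get, array $server): string
{
    return '<p>Hello ' . e($get['username']) . "</p>\n"
         . '<form action="' . e($server['PHP_SELF']) . '" method="POST"></form>';
}

// Constructed request data standing in for $_GET and $_SERVER.
// PHP_SELF includes any path info the client appended after the script name,
// so it is tainted in the same way as a query parameter.
$get    = ['username' => '<em>not a name</em>'];
$server = ['PHP_SELF' => '/form.php/"><em>extra markup</em>'];

echo "--- raw ---\n", render_raw($get, $server), "\n\n";
echo "--- escaped ---\n", render_escaped($get, $server), "\n";

// In the escaped output the input can no longer open a tag or close the attribute.
$escaped = render_escaped($get, $server);
assert(strpos($escaped, '<em>') === false);
assert(strpos($escaped, '/form.php/&quot;&gt;&lt;em&gt;') !== false);
```

In the raw output the constructed PHP_SELF value closes the action attribute and adds its own element to the page; in the escaped output the same bytes appear only as entities.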