Please include the list when replying unless you're looking to hire me! 2009/3/11 filtered <zopyxfilter@xxxxxxxxxxxxxx> > On Wed, Mar 11, 2009 at 13:41, Stuart <stuttle@xxxxxxxxx> wrote: > > 2009/3/11 filtered <zopyxfilter@xxxxxxxxxxxxxx> > > > > > $_GET['cam'] looks fine. $_GET['studio'] is not. > > I could build a URL that would output a javascript tag to do anything I > want > > from the security context of a page on your site. This is not good. > > Check out http://php.net/htmlentities and associated functions. > > More detailed question: is this code prone for attacking the local > web/php-server? I agree that it is weak with respect to XSS. Not on the face of it, but we would need a lot more of your code to decide that for certain, something which goes way beyond the scope of this list. But I would ask the question why it matters? It's bad so fix it. If you really have code like this anywhere in your site, escape it. Escape stuff coming in and escape stuff going out. There are no exceptions. Ever. -Stuart -- http://stut.net/
