防止corss边脚本 [英] Prevent corss side scripting

问题描述

我已经开发了一个讨论论坛，很多答案都会引起很多疑问，所以为了防止XXS我使用了htmlentites（addslashes（$ inp）），但是如果有人想在他们的答案中使用新的行和标签它不会显示...

我必须允许它们只使用换行符和制表符空间

任何人都可以帮助我....谢谢

解决方案

inp）），但如果有人想在他们的答案中使用新的行和标签，它将无法显示...

我必须允许他们使用只有新行和标签空间

任何人都可以帮助我....谢谢你

希望在下面的链接中你会得到你的回答：



http://resources.infosecinstitute.com /如何防止 - 跨站点脚本攻击/ [ ^ ]



http：/ /www.veracode.com/security/xss [ ^

I have developed a discussion forum in that a lot of answers are coming to lot of question , so to prevent XXS I have used htmlentites(addslashes($inp)), but if somebody want to new lines and tabs in their answers it will not showing...
I have to allow them to use only newlines and tab spaces
Can anybody help me.... Thank you

解决方案

inp)), but if somebody want to new lines and tabs in their answers it will not showing...
I have to allow them to use only newlines and tab spaces
Can anybody help me.... Thank you

Hope in below links you will get your answer:

http://resources.infosecinstitute.com/how-to-prevent-cross-site-scripting-attacks/[^]

http://www.veracode.com/security/xss[^]

这篇关于防止corss边脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！