PHP_SELF and XSS
Problem description
I've found an article claiming that $_SERVER['PHP_SELF'] is vulnerable to XSS.
I'm not sure if I have understood it correctly, but I'm almost sure that it's wrong.
How can this be vulnerable to XSS attacks!?
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<!-- form contents -->
</form>
Recommended answer
To make it safe to use you need to use htmlspecialchars().
<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8"); ?>
See A XSS Vulnerability in Almost Every PHP Form I've Ever Written for how $_SERVER["PHP_SELF"] can be attacked.
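The following is an added example, not code from the question or the answer above. It renders the question's form twice, once echoing the path verbatim and once through htmlspecialchars() with ENT_QUOTES and UTF-8 as the answer recommends, and then checks whether the action attribute survived intact. The $constructedPhpSelf value is constructed for the demo: PHP_SELF includes whatever PATH_INFO the client appends after the script name, so a value like this is attacker-influenced rather than something the server controls. The renderFormUnsafe, renderFormSafe and formTemplateIntact names are this example's own.

```php
<?php
// Added example: raw $_SERVER['PHP_SELF'] output versus the escaped version.
// Constructed value standing in for $_SERVER['PHP_SELF'] on a request whose
// PATH_INFO carries a double quote and angle brackets (assumption for the demo).
$constructedPhpSelf = '/contact.php/"><b>injected</b>';

// Mirrors the form from the question: the path lands inside the attribute verbatim.
function renderFormUnsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">' . "\n"
         . '<!-- form contents -->' . "\n"
         . '</form>';
}

// The answer's fix: ENT_QUOTES escapes both " and ', so the value can never
// terminate the attribute, and < and > become &lt; and &gt;.
function renderFormSafe(string $phpSelf): string
{
    $escaped = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $escaped . '">' . "\n"
         . '<!-- form contents -->' . "\n"
         . '</form>';
}

// Defensive check: the output must still match the intended template exactly,
// with an action attribute that contains no raw quote or angle bracket.
function formTemplateIntact(string $html): bool
{
    $template = '/^<form method="post" action="[^"<>]*">\n'
              . '<!-- form contents -->\n'
              . '<\/form>$/';
    return preg_match($template, $html) === 1;
}

$unsafe = renderFormUnsafe($constructedPhpSelf);
$safe   = renderFormSafe($constructedPhpSelf);

echo "Unescaped output:\n", $unsafe, "\n\n";
echo "Escaped output:\n", $safe, "\n\n";
echo 'Unescaped form matches template: ', var_export(formTemplateIntact($unsafe), true), "\n";
echo 'Escaped form matches template:   ', var_export(formTemplateIntact($safe), true), "\n";
```

Run it with the PHP CLI. In the unescaped output the double quote in the path closes the action attribute early and the rest of the path is emitted as markup, so the template check fails; in the escaped output every sensitive character has become an entity, the attribute stays closed only where the template closes it, and the check passes. The same check is a cheap regression test to keep beside any template that echoes request-derived values into attributes.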