I'm just a beginner in HTML and PHP, barely even qualified enough to call myself that though. I'm wondering if I put it at the beginning of ever page, and wrap the whole page in it if it would patch them all? For example:
PHP Code:<?php
$str = "A 'quote' is <b>bold</b>";
echo htmlentities($str);
echo htmlentities($str, ENT_QUOTES);
?>
Shows up as: A 'quote' is <b>bold</b>
How can I apply this to Illumina? Thanks :)
For user input I prefer to filter out all the html with htmlspecialchars and then I make sure I escape the string with mysql_real_escape_string(); when using mysql. If using prepared statements it doesnt really matter but still filter the html.
Could you give a example of a XSS exploit in illumina
Reply With Quote