Reputation: 405
Crosssite Scripting issues
Right now im trying to filter all of my variables to secure my site from xss. I read a few things here and there and to me it seems the best way to do that would be to whitelist all charackters that i need for numbers i use
$adrnr = preg_replace("/[^0-9]/", "", $adrnr);
but if it comes to words Im haveing a issue since im german I would need to whitelist ü,ä,ö and ß is there a way to do so?
Upvotes: 1
Views: 64
Answers (2)
Reputation: 3690
While you can (or even should) filter/convert/validate your input, XSS prevention has to be done for your output, because what you have to do is context-based. htmlspecialchars() saves you in a lot of locations in your output, but not in all. See the OWASP XSS Prevention Cheat Sheet.
For your input validation of german names you may simply use this:
preg_match('/^[a-zA-ZäöüßÄÖÜ ]+$/', $nachname)
Upvotes: 1
Related Questions
- Best method/practice to solve Cross Site Scripting (XSS) in php?
- How to fix Cross Site Scripting (XSS)? can we fix using .htaccess
- Difficulty with XSS (cross-site scripting) error on my journal site
- Trying to get rid of Cross-Site Scripting (XXS) vulnerablity in code
- How to prevent cross site scripting
- Fix cross site scripting issue
- Cross Site Scripting Issue
- cross-site scripting (xss) attack
- cross site scripting
- Web Application Cross Site Scripting