How do I protect against cross-site scripting?

Posted by shahinkian on Stack Overflow See other posts from Stack Overflow or by shahinkian
Published on 2010-05-07T18:43:16Z Indexed on 2010/05/07 18:48 UTC
Read the original article Hit count: 347

Filed under:

cross-site-scripting

|

sql-injection

|

web-security

I am using php, mysql with smarty and I places where users can put comments and etc. I've already escaped characters before inserting into database for SQL Injection. What else do I need to do?

© Stack Overflow or respective owner

Related posts about cross-site-scripting

Best Practice: Legitimate Cross-Site Scripting

as seen on Stack Overflow - Search for 'Stack Overflow'
While cross-site scripting is generally regarded as negative, I've run into several situations where it's necessary. I was recently working within the confines of a very limiting content management system. I needed to include database code within the page, but the hosting server didn't have anything… >>> More
How do I protect against cross-site scripting?

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using php, mysql with smarty and I places where users can put comments and etc. I've already escaped characters before inserting into database for SQL Injection. What else do I need to do? >>> More
Cracking Websites with Cross Site Scripting

as seen on How to geek - Search for 'How to geek'
You may have heard the term ‘cross site scripting’ before, but what exactly is ‘it’ and why is it dangerous for a website? YouTube channel Computerphile presents a nice primer on the ‘how and why’ of cross site scripting and the dangers it presents in their latest… >>> More
Whats up with cross site Scripting (getJSON) and flickr example

as seen on Stack Overflow - Search for 'Stack Overflow'
In past i had read the documentation about getJSON and there is an example with a flickr photo api. (the example with the [pussy]cats :-)). No I ask myself why is it possible, to access flickr directly with this example. Ive tried this by store this code on my local machine - it works but if I use… >>> More
ASP .NET Code analysis tool to check cross site scripting

as seen on Stack Overflow - Search for 'Stack Overflow'
I am aware of a tool which MS has provided which tells you about coss site scripting attack etc. The tool is http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en But are there tools which you have used for ASP .NET applications which do… >>> More

Related posts about sql-injection

Is this query vulnerable to sql injection?

as seen on Stack Overflow - Search for 'Stack Overflow'
$myq = sprintf("select user from table where user='%s'", $_POST["user"]); I would like to know if the above query can be exploited using SQL injection. Is there any advanced SQL injection technique that could break sprintf for this particular query? >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
Database Activity Monitoring Part 2 - SQL Injection Attacks

as seen on SQL Server Central - Search for 'SQL Server Central'
If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted… >>> More
SQL Server SQL Injection from start to end

as seen on SQL Team - Search for 'SQL Team'
SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal… >>> More