Much has been said about Cross Site Scripting holes. Happily, the PHP language supplies the programmer with a great function to prevent this from happening, called HTMLSpecialChars. It needs only a string argument to work:

    $String = "<b>Hello Word</b>";
    $String = HTMLSpecialChars($String);

In the example above, if the variable were shown later, the text would not come out in boldface. This function converts all HTML tags into the real text that we want to show, and in doing so it prevents any of them that have been inserted from being interpreted by the browser as HTML. It also prevents any script that has been inserted in a text box from being run...

Excuse my English...

André Luiz Rodrigues Ferreira
alrferreiraat_private - http://freecode.linuxsecurity.com.br
"Not necessary to ask for license to have freedom..."
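The following is an added example, not code from the original post. It shows the function from the message used for element content and for a quoted attribute value, with the quote flags and character set written out explicitly. The helper name `e()` and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example; the helper name e() and all inputs are constructed.

/** Escape a value for HTML element content or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid
    // byte sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for submitted form fields.
$comment = '<b>Hello Word</b>';
$name    = "O'Brien <admin>";

// 1. Element content: the tags are displayed as text, not interpreted.
echo '<p>', e($comment), "</p>\n";

// 2. Single-quoted attribute, escaped with ENT_COMPAT (the default flag
//    before PHP 8.1): the apostrophe is left as-is, so the attribute
//    value ends after "O" and the rest is parsed as further markup.
$weak = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
echo "<input name='who' value='{$weak}'>\n";

// 3. Same attribute with ENT_QUOTES: the apostrophe becomes an entity
//    and the whole string stays inside the attribute value.
echo "<input name='who' value='", e($name), "'>\n";

// 4. Escape once, at output time. Text that was already escaped when it
//    was stored gets escaped again and shows literal entities; the
//    fourth argument (double_encode = false) leaves existing entities alone.
$stored = '&lt;b&gt;';
echo e($stored), "\n";
echo htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false), "\n";
```

htmlspecialchars covers HTML text and quoted attribute values only; a value written into a script block or a URL needs the encoding for that context instead.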
This archive was generated by hypermail 2b30 : Thu May 02 2002 - 14:13:35 PDT