Home > Mobile >  PHP Security test gives me critical Reflected XSS warning for GetHTMLValueString, how can i fix?
PHP Security test gives me critical Reflected XSS warning for GetHTMLValueString, how can i fix?

Time:11-15

enter image description here

PHP Security test gives me critical Reflected XSS warning for GetHTMLValueString, how can i fix?

CodePudding user response:

Try convert value to HTML Entities

<?php $depo_gin = '<a>1</a>'; ?>
<td>...</td><td><?php echo htmlentities( GetHTMLValueString($depo_gin) ); ?></td>

OR

<?php $depo_gin = '<a>1</a>'; ?>
<td>...</td><td><?php echo htmlspecialchars( GetHTMLValueString($depo_gin) ); ?></td>

Result in HTML:

<td>...</td><td>&lt;a&gt;1&lt;/a&gt;</td>

Docs:

https://www.php.net/manual/en/function.htmlentities.php

https://www.php.net/manual/en/function.htmlspecialchars.php

If you need only value from html content

Try use function strip_tags

<?php 

var_dump(
  strip_tags('<a>1</a>')
); # result: 1

https://www.php.net/manual/en/function.strip-tags

Page link:https//www.codepudding.com/Mobile/191535.html

Prev:Sending a MSAL token to backend using Axios
Next:Auto mapper makes error when mapping class with another class properties
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding