Tereska's Profile

About Me:

Last 10 Comments

1

Sorry for my E ;)

Chris, I didnt want to to offend anyone so I'm sorry for my "learn PHP" sentence :) it's just misunderstanding... :)

I'm really concern about this RSS example and I've tried to do something to make this hack useless...

I think the KEY in this example is htmlentities 3rd parameter -> [, string $charset]. If I'm wrong just correct me.

Thanks! Seeyaa!
Posted in /blog/2005/dec/google-xss-example.

Tue, 29 May 2007 at 19:03:05: Link

2

Replace last line with this one:

echo htmlentities($string, ENT_QUOTES);

and this hack will not work....

learn PHP guys ;))
Posted in /blog/2005/dec/google-xss-example.

Mon, 28 May 2007 at 21:06:05: Link

Stats

Member Since: 28 May 2007
Comments: 2

Web Site

tereska.myopenid.com

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
62 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
69 Comments

Google XSS Example

21 Dec 2005
36 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13 Dec 2004
75 Comments

The Truth about Sessions

15 Dec 2003
77 Comments

Foiling Cross-Site Attacks

14 Oct 2003
68 Comments

Guru Speak: Storing Sessions in a Database

14 Dec 2004
60 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21 Oct 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer