Cross site scripting Meta tag issue

Security and PHP
#1

Hello everyone,

The below line of code is flag as being vulnerable for cross site scripting (xss)

[php][/php]
Question:
How do I manually test the page with a real code test ?
Already try it in the url addres bar:

[php]https://www.mysite.com/events/[/php]
and this test is sending the user to my non-found page which is a good thing

Second question:
If I change the line of code in question to the below solution should solve the problem?

[php]<meta property=“og:url” content="<?php $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; echo htmlspecialchars($url); ?>" />[/php]

Thank you for your help in advance :slight_smile:

#2

I know this thread is a little old, but here’s what I do ->
[php]header(‘x-xss-protection: 1; mode=block’);[/php]

#3

The proper place for that code is in the Server config one time rather than many times in many scripts.

#4

Hello Kevin and Stride64,

I found the below article

What do you think ?

Sponsor our Newsletter | Privacy Policy | Terms of Service