php - Does urlencode() protect against XSS
$address and $citystate are user provided, stored in the DB, and available for others to view as shown below. Is there a risk of XSS? Should htmlspecialchars() be used on it?
<img src="http://maps.google.com/maps/api/staticmap?markers=color:blue|<?php echo(urlencode($address.' '.$citystate));?>&zoom=14&size=400x400&sensor=false" alt="map" />
There is no magic-wand PHP function to protect against everything. Every protection is 100% safe until the day it is hacked. You need to understand how a site can be hacked and improve your protection every day.
You can find interesting tips in this article on XSS prevention.
Also, from the php.net urlencode documentation:
<?php
$query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
echo '<a href="mycgi?' . htmlentities($query_string) . '">';
?>
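The layering shown in the php.net snippet, applied to the map tag from the question, as an added example that is not part of the original post: urlencode() guards the query-string value and htmlspecialchars() guards the HTML attribute. The helper names staticMapImg() and paramsSeenByServer() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// staticMapImg() and paramsSeenByServer() are hypothetical helper names.

function staticMapImg(string $address, string $citystate): string
{
    // Layer 1 (URL): percent-encode the user text so it stays inside the
    // markers value and cannot add or override query parameters.
    $url = 'http://maps.google.com/maps/api/staticmap?markers=color:blue|'
         . urlencode($address . ' ' . $citystate)
         . '&zoom=14&size=400x400&sensor=false';

    // Layer 2 (HTML): escape the finished URL for the double-quoted attribute.
    // This turns the literal & separators into &amp; and still holds if a
    // later edit adds a URL part that was not passed through urlencode().
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="map" />';
}

// Recover the query parameters the map server would receive for a tag.
function paramsSeenByServer(string $tag): array
{
    preg_match('/src="([^"]*)"/', $tag, $m);
    $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'); // browser decodes entities
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Constructed sample inputs, not real data: one ordinary, one hostile.
$samples = [
    ['10 Example Street', 'Springfield, IL'],
    ['"><script>alert(1)</script>', "' onerror='x' &zoom=1"],
];

foreach ($samples as [$address, $citystate]) {
    $tag = staticMapImg($address, $citystate);
    $params = paramsSeenByServer($tag);

    // HTML layer: one <img> element, no raw quote or angle bracket in src.
    $contained = preg_match('/^<img src="[^"<>\']*" alt="map" \/>$/', $tag) === 1;
    // URL layer: the user text arrives whole in markers; zoom is untouched.
    $intact = $params['markers'] === 'color:blue|' . $address . ' ' . $citystate
           && $params['zoom'] === '14';

    echo $tag, "\n";
    echo 'attribute contained: ', var_export($contained, true),
         ', parameters intact: ', var_export($intact, true), "\n\n";
}
```

urlencode() replaces every character other than letters, digits and -_. so its output cannot close the attribute; the htmlspecialchars() pass is what makes the fixed & separators valid HTML and keeps the attribute safe if an unencoded part is ever added to the URL.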