How to avoid leakage to prevent XSS attacks?

To prevent XSS attacks, output shielding enabled;

The above is from symfony, but I do not understand.

+3
2 answers

XSS is an acronym for Cross-Site Scripting. Cross-site scripting attacks occur when you manage to hide a script (usually JavaScript) on someone else’s website where it can be maliciously launched.

XSS , -. , -, , My name is <script src="http://bad.domain/evilscript.js"></script>. , , , , HTML, , , script .

, escape. Escaping , ( ) , . HTML < > ( ), HTML. &lt; &gt; (. PHP htmlspecialchars()), HTML- .

Symfony , , , .

+7
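
The escaping described in the answer above, as an added example that is not part of the original answer or of Symfony's code. It runs PHP's `htmlspecialchars()` over the answer's own sample string; the helper name `e()` and the form field are assumptions made for illustration.

```php
<?php
// Added example. $name stands in for untrusted input; the value is the
// sample string quoted in the answer above.
$name = 'My name is <script src="http://bad.domain/evilscript.js"></script>';

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and ", which matters inside attributes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped: the browser parses the <script> element as markup.
$unsafe = '<p>' . $name . '</p>';

// Escaped at output time: < > " become &lt; &gt; &quot; and the browser
// displays them as text instead of interpreting them as a tag.
$safe = '<p>' . e($name) . '</p>';

// Attribute context: escape the value and keep the attribute quoted.
$attr = '<input type="text" name="name" value="' . e($name) . '">';

echo $unsafe, "\n", $safe, "\n", $attr, "\n";
```

HTML escaping of this kind covers element text and quoted attribute values; values placed inside `<script>` blocks or URLs need escaping suited to those contexts.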

XSS, - - javascript . , , javascript google.com, javascript, , Google , .

, ( / ), HTML , .

+1

Source: https://habr.com/ru/post/1730495/

