Home >Backend Development >PHP Tutorial >How to prevent utf-7 reflected xss vulnerability in php.
How to prevent utf-7 reflected xss vulnerability in php.
- WBOYOriginal
- 2016-08-04 09:21:551140browse
Using the yii1.1 framework
<code> $req = Yii::app()->request;
$purifier = new CHtmlPurifier();
$purifier->options = array(
'URI.AllowedSchemes'=>array(
'http' => true,
'https' => true,
)
);
$url = $purifier->purify($req->getParam('url'));</code>
All parameters are filtered using purify. But there is still this loophole. Please tell me how to solve it. Is there a better solution for liberation?
Reply content:Using the yii1.1 framework
<code> $req = Yii::app()->request;
$purifier = new CHtmlPurifier();
$purifier->options = array(
'URI.AllowedSchemes'=>array(
'http' => true,
'https' => true,
)
);
$url = $purifier->purify($req->getParam('url'));</code>
All parameters are filtered using purify. But there is still this loophole. Please tell me how to solve it. Is there a better solution for liberation?
1 Custom method to filter common xss attack tags: script|iframe|image/Uis
2 Configuration direction to consider: Set httponly to prohibit obtaining cookies
3 Service direction: Use SSL protocol and prohibit loading of external js
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:phpcmsv9 - phpcms v9 thumbnail blurryNext article:phpcmsv9 - phpcms v9 thumbnail blurry