November 14

Cross-Site Scripting Attacks – XSS

A cross-site scripting attack is among the top 5 security attacks carried out on a daily basis across the Internet.

Cross-site scripting, also known as XSS, is a type of code injection attack made possible by validating user data incorrectly. That data usually gets inserted into the page through a web form or an altered hyperlink. The injected code can be any malicious client-side code, such as JavaScript, HTML, CSS, script and others. It is used to store harmful data on the server or to perform a malicious action within the user's browser.

We face this problem often because it is next to impossible to develop 100% secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities.

Below are some steps to prevent XSS:

1. Data validation

2. Data Sanitization

3. Output Escaping
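
The three steps applied to one form submission, as an added PHP example that is not code from the original post. The field names, the length and range limits, and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST (hypothetical field names).
$input = [
    'email'   => 'alice@example.com',
    'age'     => '29',
    'comment' => "  Nice post! <script>alert(1)</script> <b>thanks</b>  ",
];

// 1. Data validation: reject values that do not match the expected format.
function validate(array $in): array
{
    $errors = [];
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 120]];
    if (filter_var($in['age'] ?? '', FILTER_VALIDATE_INT, $range) === false) {
        $errors[] = 'age';
    }
    $len = strlen(trim($in['comment'] ?? '')); // length in bytes
    if ($len === 0 || $len > 500) {
        $errors[] = 'comment';
    }
    return $errors;
}

// 2. Data sanitization: clean accepted data before it is stored.
function sanitizeComment(string $comment): string
{
    return trim(strip_tags($comment));
}

// 3. Output escaping: encode for the HTML context at the point of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$errors = validate($input);
if ($errors !== []) {
    http_response_code(400);
    exit('Invalid fields: ' . e(implode(', ', $errors)));
}
$stored = sanitizeComment($input['comment']);
echo '<p>', e($stored), '</p>', PHP_EOL;
echo '<a href="mailto:', e($input['email']), '">', e($input['email']), '</a>', PHP_EOL;
```

Escaping is applied to every value at output even after validation and sanitization, because `strip_tags()` removes markup but leaves quotes and ampersands that still matter inside HTML attributes.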