Pádraic Brady: A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1)
Pádraic Brady has posted A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping:
Always set the third parameter to htmlspecialchars(), set it correctly, and make sure your document is never served with a mismatched or invalid character encoding! Don’t expect some theoretically perfect world to magically appear – browsers are filthily efficient at doing weird things you don’t expect.
With a nod to the anniversary of Douglas Adams’ death on Sunday, Pádraic Brady has written possibly the definitive guide to the htmlspecialchars() function.
Read it. Then read it again.
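To make the quoted advice concrete, here is an added example (not code from Pádraic Brady’s article) showing htmlspecialchars() called with its charset parameter set explicitly, its flags chosen deliberately, and the response header declaring the same charset so the document is never served with a mismatched encoding. The helper names escapeHtml, sendHtmlHeaders and isValidInput, the APP_CHARSET constant and the sample strings are assumptions for illustration; isValidInput relies on the mbstring extension.

```php
<?php
// Added example, not code from Pádraic Brady's article: htmlspecialchars()
// with the charset parameter set explicitly, and the response declaring the
// same charset so the document is never served with a mismatched encoding.
declare(strict_types=1);

// The one charset the application uses for input, escaping and output.
const APP_CHARSET = 'UTF-8';

/**
 * Escape a string for HTML element content or a quoted attribute value.
 * The third argument names the charset of $value. Never leave it to the
 * default: before PHP 5.4 that default was ISO-8859-1, so a UTF-8 document
 * escaped under it is interpreted byte by byte.
 */
function escapeHtml(string $value): string
{
    // ENT_QUOTES escapes both ' and " so the result is safe in either
    // attribute quoting style. ENT_SUBSTITUTE replaces invalid byte
    // sequences with U+FFFD instead of returning an empty string, which is
    // what htmlspecialchars() does for invalid input when neither
    // ENT_SUBSTITUTE nor ENT_IGNORE is given.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, APP_CHARSET);
}

/**
 * Declare the charset the escaper assumed, so the browser does not guess one.
 * A <meta charset> in the document head should state the same value.
 */
function sendHtmlHeaders(): void
{
    header('Content-Type: text/html; charset=' . APP_CHARSET);
}

/** True when $value is well-formed in APP_CHARSET; useful as an input check. */
function isValidInput(string $value): bool
{
    return mb_check_encoding($value, APP_CHARSET);
}

// Constructed sample inputs.
$name   = 'Ford <prefect> & "Arthur" \'Dent\'';
$broken = "Zaphod \xC3";   // truncated multibyte sequence: not valid UTF-8

sendHtmlHeaders();

// Weak form kept for comparison: no charset and no flags. On PHP < 8.1 the
// default flags are ENT_COMPAT, so single quotes survive and $weak differs
// from escapeHtml($name); on 8.1+ the defaults became ENT_QUOTES |
// ENT_SUBSTITUTE and the two agree. Relying on defaults ties correctness to
// the interpreter version, which is exactly why the parameters are set.
$weak = htmlspecialchars($name);
var_dump($weak === escapeHtml($name));

echo '<p>', escapeHtml($name), "</p>\n";
echo '<input value="', escapeHtml($name), '">', "\n";

// The broken input is rejected up front, and if it reaches the escaper it is
// still rendered with a replacement character rather than as an empty string.
var_dump(isValidInput($broken));
echo '<p>', escapeHtml($broken), "</p>\n";
```

The point of routing every output through one escaper with a fixed charset is that the three places where encoding can diverge (the bytes coming in, the charset the escaper assumes, and the charset the browser is told) are pinned to a single constant; a check such as isValidInput on the way in catches the invalid sequences that would otherwise make htmlspecialchars() silently return an empty string.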