This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP PHP AntiXSS Library Project"
m (→URL) |
(→Examples) |
||
Line 18: | Line 18: | ||
=== HTML === | === HTML === | ||
− | + | <tt> | |
<p>Hello, <strong><php echo AntiXSS:HTMLEncode($nameOfMyUser); ?></strong>!</p> | <p>Hello, <strong><php echo AntiXSS:HTMLEncode($nameOfMyUser); ?></strong>!</p> | ||
− | + | </tt> | |
=== JavaScript === | === JavaScript === | ||
− | + | <tt> | |
... | ... | ||
alert(myFunction('<?php echo AntiXSS:JavaScriptEncode($myVariable); ?>'); | alert(myFunction('<?php echo AntiXSS:JavaScriptEncode($myVariable); ?>'); | ||
... | ... | ||
− | + | </tt> | |
=== URL === | === URL === | ||
+ | <tt> | ||
... | ... | ||
<nowiki> | <nowiki> | ||
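Review bot: The HTML and JavaScript example lines in this hunk are carried through unchanged but are not valid PHP. "<php echo AntiXSS:HTMLEncode(" is missing the "?" in the opening tag, and both lines call the method with a single colon where the XML example in the same diff uses "AntiXSS::". The JavaScript line also never closes the outer call: "alert(myFunction('...');" needs a second ")". Since this edit already touches the examples, correct these lines in the same revision, because readers will paste them into templates as written.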
Line 33: | Line 34: | ||
</nowiki> | </nowiki> | ||
... | ... | ||
+ | </tt> | ||
=== XML === | === XML === | ||
+ | <tt> | ||
<myelement myattribute="<?php echo AntiXSS::XMLAttributeEncode($myAttributeValue); ?>"><?php echo AntiXSS::XMLEncode($myElementValue); ?></myelement > | <myelement myattribute="<?php echo AntiXSS::XMLAttributeEncode($myAttributeValue); ?>"><?php echo AntiXSS::XMLEncode($myElementValue); ?></myelement > | ||
− | + | </tt> | |
== Downloads == | == Downloads == |
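Review bot: The <tt> wrappers added around the URL and XML examples are inline markup, so the "..." lines and the example itself are run together on one rendered line, and the wiki parser still processes the contents (which is why the URL block needs <nowiki> inside it). Consider <pre> for these blocks instead, so that line breaks are kept and the PHP tags are shown literally without extra escaping.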
Revision as of 18:11, 23 April 2007
Introduction
AntiXSS is a class for use with PHP 5+ that helps to reduce XSS (cross-site scripting) vulnerabilities by automatically encoding output to behave only as intended.
Requirements
- PHP5 and above
- mb_string PHP extension
Usage
- Make sure the mb_string extension is available with your PHP installation. If you are using Apache on Windows, this can most likely be done by adding (or un-commenting) a line in your php.ini file. On other platforms, you may need to recompile PHP. See [1] for more information.
- To make the code available to your program, include the owasp.antixss.php file, using a line like this: require_once "/path/to/owasp.antixss.php";
- It is not necessary to instantiate the class, though you may if you wish. Instead, make calls using the Scope Resolution Operator (::), like this: echo AntiXSS::HTMLEncode($myOutput);
Examples
HTML
Hello, <?php echo AntiXSS::HTMLEncode($nameOfMyUser); ?>!
JavaScript
... alert(myFunction('<?php echo AntiXSS::JavaScriptEncode($myVariable); ?>')); ...
URL
... http://example.com/myscript.php?<?php echo AntiXSS::URLEncode($myQueryStringValue); ?> ...
XML
<myelement myattribute="<?php echo AntiXSS::XMLAttributeEncode($myAttributeValue); ?>"><?php echo AntiXSS::XMLEncode($myElementValue); ?></myelement >
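The examples above call a different encoding method for each output context. The script below is an added illustration, not code from the AntiXSS library or from the original page: it reports whether reusing the HTML encoder in another context leaves characters that the context treats as syntax. Its encoders are stand-ins built from PHP core functions, its sample value is constructed, the names encode_for, leaks and RAW_UNSAFE are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);
// Added illustration. The encoders below are stand-ins built from PHP core
// functions (assumption); they are NOT the code in owasp.antixss.php.

function encode_for(string $context, string $value): string
{
    switch ($context) {
        case 'html': // element content or a quoted attribute value
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'js':   // a complete string literal, quotes included, for a <script> block
            return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
                | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
        case 'url':  // a single query-string value
            return rawurlencode($value);
        case 'xml':  // element content or a quoted attribute value
            return htmlspecialchars($value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
    }
    throw new InvalidArgumentException("unknown context: $context");
}

// Characters that must not reach each context raw (a minimal check, not a full grammar).
const RAW_UNSAFE = [
    'html' => '/[<>"\']/',            // tag and attribute delimiters
    'js'   => '/[<\r\n]/',            // start of "</script>", or a line break ending the literal
    'url'  => '/[^A-Za-z0-9\-._~%]/', // anything beyond unreserved characters and %XX
    'xml'  => '/[<>"\']/',            // tag and attribute delimiters
];

// True when the encoded text still contains a raw character unsafe for the context.
function leaks(string $context, string $encoded): bool
{
    return preg_match(RAW_UNSAFE[$context], $encoded) === 1;
}

// Constructed sample value, not taken from the page.
$sample = "Tom & \"Jerry\" <b> O'Neil\n50% = half #1";

foreach (array_keys(RAW_UNSAFE) as $context) {
    $matched  = encode_for($context, $sample); // encoder chosen for this context
    $htmlOnly = encode_for('html', $sample);   // the "one encoder everywhere" shortcut
    printf("%-4s  matching encoder: %-5s  HTML encoder reused: %s\n",
        $context,
        leaks($context, $matched) ? 'LEAKS' : 'ok',
        leaks($context, $htmlOnly) ? 'LEAKS' : 'ok');
}
```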
Downloads
- owasp.antixss.php
- demo.owasp.antixss.php