December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Test for Protection Against XSS Abuse
As we have discussed in previous chapters, an important part of keeping your scripts secure is testing them for possible vulnerabilities.
In other chapters, we have created sample tests for you to build on. In this case, however, there already exists an open source sanitizing routine and a built-in test facility; that is the Safe_Html project, at http://chxo.com/scripts/safe_html-test.php, which we referred to previously. There is no point to duplicating what is available there, and so we recommend that you consider building that into your applications, or at least using it as a guide toward developing your own solutions.
Any filters that you develop should be tested using at least all the inputs at http://ha.ckers.org/xss.html ...