"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables
attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be
used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites
accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007." - http://en.wikipedia.org/wiki/Cross-site_scripting
1) Use filter_input() - don't use GLOBAL-Array (e.g. $_SESSION, $_GET, $_POST, $_SERVER) directly
2) Use HTML Purifier if you need a more configurable solution
3) Add "Content Security Policy's" -> Introduction to Content Security Policy
4) DO NOT WRITE YOUR OWN REGEX TO PARSE HTML!
5) READ THIS TEXT -> XSS (Cross Site Scripting) Prevention Cheat Sheet
6) TEST THIS TOOL -> Zed Attack Proxy (ZAP)
AntiXSS alternatives and similar libraries
Based on the "Security" category
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of AntiXSS or a related project?