Author Topic: Cross site scripting Meta tag issue  (Read 104 times)

mp5163093

  • New Member
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Hello everyone,

The below line of code is flag as being vulnerable for cross site scripting (xss)

1
 <meta property="og:url" content="https://www.mysite.com/events/" >

Question:
How do I manually test the page with a real code test ?
Already try it in the url addres bar:

1
 https://www.mysite.com/events/<script>alert(271)</script>

and this test is sending the user to my non-found page which is a good thing

Second question:
If I change the line of code in question to the below solution should solve the problem?

1
 <meta property="og:url" content="<?php $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; echo htmlspecialchars($url); ?>" />


Thank you for your help in advance :)

PHP Help Forum

Cross site scripting Meta tag issue
« on: March 15, 2017, 03:59:27 pm »