Author Topic: Cross site scripting Meta tag issue  (Read 332 times)

mp5163093

Hello everyone,

The below line of code is flagged as being vulnerable to cross-site scripting (XSS):

 <meta property="og:url" content="https://www.mysite.com/events/" >

Question:
How do I manually test the page with a real code test?
I already tried it in the URL address bar:

 https://www.mysite.com/events/<script>alert(271)</script>

and this test sends the user to my not-found page, which is a good thing.

Second question:
If I change the line of code in question to the below solution, should that solve the problem?

 <meta property="og:url" content="<?php $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; echo htmlspecialchars($url); ?>" />


Thank you for your help in advance :)

PHP Help Forum

Cross site scripting Meta tag issue
« on: March 15, 2017, 03:59:27 pm »
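
Added example, not part of the original thread or any poster's code: the second question's approach written as a function that escapes the URL for a quoted attribute, going one step beyond the post by also checking the Host header against an allow-list. The names og_url_meta and ALLOWED_HOSTS are hypothetical, and the request data is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the host names this site is really served under.
const ALLOWED_HOSTS = ['www.mysite.com'];

// Hypothetical helper: builds the og:url tag from request data.
function og_url_meta(array $server): string
{
    // HTTP_HOST is copied from the client's Host header, so it is untrusted.
    // Fall back to the canonical name unless it matches the allow-list.
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0];
    }

    // REQUEST_URI is the raw request target and is untrusted as well.
    $url = 'https://' . $host . (string)($server['REQUEST_URI'] ?? '/');

    // Escape for a quoted HTML attribute. ENT_QUOTES covers both quote styles,
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<meta property="og:url" content="' . $safe . '">';
}

// Constructed request data (not from the thread): markup characters in both fields.
$sample = [
    'HTTP_HOST'   => 'www.mysite.com"><x',
    'REQUEST_URI' => '/events/"><script>alert(271)</script>',
];

$prefix = '<meta property="og:url" content="';
$tag    = og_url_meta($sample);
$value  = substr($tag, strlen($prefix), -2);   // attribute value only

echo $tag, PHP_EOL;
// Self-check: no raw quote or angle bracket survives inside the attribute value.
echo strpbrk($value, '"\'<>') === false ? "value is inert\n" : "value breaks out\n";
```

htmlspecialchars() is the right encoder for an HTML attribute value only; the same data placed in a script block or a URL parameter needs the encoder for that context.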


Strider64

Insanity: doing the same thing over and over again and expecting different results -> https://www.pepster.com


Re: Cross site scripting Meta tag issue
« Reply #1 on: June 05, 2017, 07:27:00 am »


Kevin Rubio

I know this thread is a little old, but here's what I do ->
 header('x-xss-protection: 1; mode=block');


The proper place for that code is in the Server config one time rather than many times in many scripts.
PDO Bumpstart Database

The XY Problem
The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help. http://xyproblem.info/


Re: Cross site scripting Meta tag issue
« Reply #2 on: June 05, 2017, 12:40:20 pm »




Re: Cross site scripting Meta tag issue
« Reply #3 on: June 06, 2017, 04:56:54 pm »