I was recently going around with a few HTML tags in my Steam name and realised that a lot of servers didn't have any XSS protection.
I'm making this post to simply remind everyone to add the function to their code.
I haven't done this yet, but someone can easily make their whole name a script and completely mess up your website using XSS.
[CODE]
// Function:
// htmlspecialchars()
// What your code should probably look like (echo the escaped value; ENT_QUOTES also escapes single quotes):
echo htmlspecialchars($array['response']['players'][0]['personaname'], ENT_QUOTES, 'UTF-8');
[/CODE]
The sad thing about it is that it wasn't just one server. It was a whole bunch of servers I just randomly joined and happened to get my name in [B]bold[/B].
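An added example, not part of the original post: the same escaping applied at output time to every field read from a response shaped like the `$array['response']['players']` structure above, in both element and attribute context. The JSON sample and the helper names `e()` and `renderPlayer()` are constructed for illustration.

```php
<?php
// Constructed sample response (not real data), shaped like the
// $array['response']['players'] structure used in the post.
$json = <<<'JSON'
{"response":{"players":[
  {"steamid":"0000","personaname":"<b>bold</b>"},
  {"steamid":"0001","personaname":"Tom \"&\" 'Jerry' <i>"}
]}}
JSON;

/** Hypothetical helper: escape untrusted text for HTML output. */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the result is also safe inside
    // a quoted attribute value, not only between tags.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical helper: render one player row, escaping every API field. */
function renderPlayer(array $player): string
{
    // Missing keys become empty strings rather than raising notices.
    $name = (string) ($player['personaname'] ?? '');
    $id   = (string) ($player['steamid'] ?? '');

    // The name appears twice: once in an attribute, once as element text.
    // Both uses go through e(); the raw value is never concatenated in.
    return sprintf(
        '<li data-steamid="%s" title="%s">%s</li>',
        e($id),
        e($name),
        e($name)
    );
}

$array = json_decode($json, true, 512, JSON_THROW_ON_ERROR);

echo "<ul>\n";
foreach ($array['response']['players'] as $player) {
    echo '  ', renderPlayer($player), "\n";
}
echo "</ul>\n";
```

Escaping happens where the value is written into HTML, so the stored or fetched name stays unmodified for other uses such as logging or JSON output.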
You have two posts and are tutoring us on the most basic security measurement you can possibly use to secure your website...
[QUOTE=Cyberuben;45474511]You have two posts and are tutoring us on the most basic security measurement you can possibly use to secure your website...[/QUOTE]
meh, his first post isn't in Rust. Could be worse.
I'm going to extend the advice given to: Any output, anywhere, that [I]you[/I] haven't written MUST be sanitized. Don't wait until it breaks to fix it.
[QUOTE=Cyberuben;45474511]You have two posts and are tutoring us on the most basic security measurement you can possibly use to secure your website...[/QUOTE]
These posts aren't for you, they're for those who don't understand and are still learning.
A lot of people make these themselves, and I would say a lot could be doing modern webpages for the first time.
If Potato has stated that they've found the error on a lot of sites, then it's something worth bringing up.