2017 OWASP Top 10 for PHP Developers Part 7: Cross-Site Scripting (XSS)
We have all seen search forms, haven't we? Take a look at mine:

The above search form is pretty basic: when a search query is provided, the page responds with "You've searched for …" and displays the results. This search form is nothing unusual compared to the other search forms out there, except that it does not escape the search term before echoing it back into the HTML page.

What happened here is that we entered a different search term. Here's what was provided: <script>alert("2017…
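To make the problem concrete, here is an added example that is not code from the original post. It models a search form like the one above in two versions: one that concatenates the raw query into the page (reflected XSS) and one that passes every interpolation point through htmlspecialchars(). The field name q, the helper names and the sample payloads are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. It demonstrates reflected XSS in a
// search form that echoes the query back into HTML, and the escaping fix.
// The field name "q", the function names and the payloads are assumptions.

// Vulnerable version: the raw search term is concatenated straight into HTML,
// both inside an attribute value and in the page body.
function render_search_vulnerable(string $q): string
{
    return '<form method="get">'
         . '<input type="text" name="q" value="' . $q . '">'
         . '<input type="submit" value="Search">'
         . '</form>'
         . "<p>You've searched for " . $q . '</p>';
}

// Escape a string for an HTML body or a quoted attribute value.
// ENT_QUOTES escapes both ' and ". ENT_SUBSTITUTE replaces invalid UTF-8 with
// U+FFFD instead of returning an empty string, which would silently drop output.
// This encoder is for HTML contexts only; JavaScript strings, URLs and CSS need
// their own context-specific encoders.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Fixed version: every point where data enters HTML goes through e(), and the
// attribute value is quoted. Escaping alone does not protect an unquoted attribute.
function render_search_fixed(string $q): string
{
    return '<form method="get">'
         . '<input type="text" name="q" value="' . e($q) . '">'
         . '<input type="submit" value="Search">'
         . '</form>'
         . "<p>You've searched for " . e($q) . '</p>';
}

// Constructed sample inputs standing in for $_GET['q'] in a real request.
$payloads = [
    'shoes',
    '<script>alert(1)</script>',
    // Attribute-context variant: closes the value attribute and adds an event handler.
    '" autofocus onfocus="alert(1)',
];

foreach ($payloads as $q) {
    echo "--- input: $q\n";
    echo "vulnerable: " . render_search_vulnerable($q) . "\n";
    echo "fixed:      " . render_search_fixed($q) . "\n\n";
}
```

Run it from the command line with php and compare the two renderings for each payload: in the vulnerable output the second payload becomes a live script element and the third closes the value attribute and injects an onfocus handler, while the fixed output keeps both as inert text. In a real page the input would come from $_GET['q'] ?? '' rather than the array above.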