I have a form text field that accepts a URL. When the form is submitted, I insert this field into the database with proper anti-SQL-injection. My question though is about xs
You need to encode it with htmlspecialchars before displaying to a user. Usually this is enough when dealing with data outside of
htmlspecialchars
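
One way to apply the answer's advice when the stored URL is echoed back into a page, as an added example that is not part of the original question or answer. `safe_link()` is a hypothetical helper name, and the http/https scheme allow-list is an extra check assumed here, because htmlspecialchars only encodes HTML metacharacters and does not inspect the URL scheme.

```php
<?php
// Added example, not code from the original post.
// safe_link() is a hypothetical helper; the sample inputs below are constructed.

/**
 * Build an HTML anchor for a user-supplied URL.
 * Returns null when the value is not an absolute http(s) URL.
 */
function safe_link(string $url): ?string
{
    $url = trim($url);

    // Syntax check. FILTER_VALIDATE_URL also accepts schemes other than
    // http/https, so it is not sufficient on its own.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    // Allow-list the scheme (assumption: only web links are wanted).
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }

    // Encode at output time for the HTML context. ENT_QUOTES covers both
    // quote styles so the value cannot close the href attribute.
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<a href="' . $escaped . '" rel="noopener noreferrer">' . $escaped . '</a>';
}

// Constructed sample values, standing in for rows read back from the database.
$samples = [
    'https://example.com/?q=a&b=c',
    'ftp://example.com/file.txt',
    'javascript:alert(1)',
    'not a url',
];

foreach ($samples as $raw) {
    $html = safe_link($raw);
    // Rejected values are still encoded before being shown.
    echo $html ?? '[rejected] ' . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
}
```

The raw value is stored unchanged and encoded only when it is written into HTML, so the same row can be encoded differently for other output contexts.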