XSS

[JoeC]

Does anyone know the easiest way of securing from XSS? In fact, any way of stopping XSS attacks would be nice. Cos I dunno how to, and without a secure method of preventing XSS, I'm pretty naffed up :p

I'm not sure I have the right name for it, but I'm fairly sure it's XSS. The process is a person writing a script on their local machine (example, a form), and using it to submit nasty data :p That, and inputting code directly into the address bar.

Also, any information on getting SSL set up is much appreciated, ie, if it costs money, if so, how much, etc. :)

Oh, and any random and general security advice is also much appreciated.

Thanks.

Edited December 1, 2005 by JoeC

[teh h4x0r5]

Hey Joe,

I can't really comment on how to prevent XSS, but maybe sessions would solve this?

Anyways, what I can comment on is SSL. You can buy an SSL certificate from someone such as NameCheap, their certificates start from $15.99 per year; or alternatively, if you have WHM access and it is a cPanel server, simply go to the 'Web SSL/TLS' tab, generate an SSL certificate, then install it from the same tab. ;)

Either way, I'm quite sure you need a dedicated IP from your host as it uses up the whole of port 443.. I know for definate that you do for the WHM option.

Any other questions about SSL and hosting, you have my MSN address. ;)

[lnmnky]

In most cases, securing against xss is as simple as replacing ' with '' (2 single quotes)

and replacing html code < > with the & lt ; and & gt ; conterparts.

there are ascii/hex/unicode alternatives that you have to replace also, but I don't know them off the top of my head. Like %F3 and stuff. (i made that one up in case you go and check it)

[Cailin]

There was a good discussion about PHP's security and protecting against XSS a month ago here.

https://www.neowin.net/forum/index.php?showtopic=389977&hl=