Login   Register  
PHP Classes
elePHPant
Icontem

File: Help

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Francisco López  >  dXSS  >  Help  >  Download  
File: Help
Role: Documentation
Content type: text/plain
Description: Help and how to use
Class: dXSS
Filter dangerous values from the GET parameters
Author: By
Last change:
Date: 2010-07-31 05:08
Size: 1,082 bytes
 

Contents

Class file image Download
A working example would be:

$g = new dXSS();
$g->url = 'http://www.google.es';
$g->longitud = 10;
$g->TestGet();

This code must be before any output was produced from the browser. At the top of the page, for example.

In this way, accept parameters such as:

http://www.domain.com/index.php?Id=45&acc=new&op=32

But do not accept such things as:

http://www.domain.com/index.php?p=<script>alert("XSS");</script>


It is quite interesting to define a small length whenever possible:

$g = new dXSS();
$g->url = 'http://www.google.es';
$g->longitud = 2;
$g->TestGet();

Allow:

http://www.domain.com/index.php?Id=45&sub=3&acc=new&op=32

But no:

http://www.domain.com/index.php?Id=<meta%20http-equiv="refresh"%20content="0;">

or even:

http://www.domain.com/index.php?Id=$%

NOTE: This class controls only received $ _GET parameters. Could easily adapt or modify the class to the information received by $ _POST or even to deal with both, but I wanted to show a very simple use and compatible with compatible with PHP versions lower than 5.