How To Restrict Xss In Yii?

How to Restrict XSS in YII?

One of the xss tool giving high warning to following url

yii/testdrive/user/login?ref=javascript:alert(1);

Can any one suggest me how to fix?

Looks like false positive since there’s no ref parameter in default application.

Yes. Purposefully we have done as mention below in the controller

if (isset($_GET[‘ref’])) {

$ref = $_GET[‘ref’];

$this->redirect($ref);

}

Do u have suggestion, how to fix

so what is the problem ?? you can sanitize $_GET before assigning

Thanks guys. got an idea to fix the issue.