How to Restrict XSS in YII?
One of the XSS scanning tools gives a high-severity warning for the following URL:
yii/testdrive/user/login?ref=javascript:alert(1);
Can anyone suggest how to fix this?
Looks like a false positive, since there's no ref parameter in the default application.
Yes, we did this purposefully, as mentioned below in the controller:
    // Redirect to whatever the caller put in ?ref= (no validation of the target)
    if (isset($_GET['ref'])) {
        $ref = $_GET['ref'];
        $this->redirect($ref);
    }
Do you have a suggestion on how to fix it?
So what is the problem? You can sanitize $_GET before assigning it.
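The controller above redirects to an attacker-controlled value, so a link like ?ref=javascript:alert(1); becomes a script-URL redirect and ?ref=http://evil.example becomes an open redirect. One way to do the sanitization the reply suggests, written as an added example that is not code from the original thread or from the Yii project, is to allow only a same-site relative path and fall back to a fixed route for anything else. The function name safe_redirect_target, the fallback route and the sample inputs below are all assumptions chosen for illustration; the code is plain PHP and does not depend on Yii:

```php
<?php
// Added example (not from the original thread or from Yii): validate the
// ref parameter before redirecting so that only same-site relative paths
// are accepted. Function name and sample inputs are assumptions.

/**
 * Return $ref if it is a safe local path, otherwise $fallback.
 *
 * Accepted: a path that starts with exactly one "/" and carries no scheme,
 * host, backslash or control character.
 * Rejected: "javascript:...", "http://...", "//host/..." (protocol-relative),
 * "/\host" (browsers normalize the backslash to "/"), and CR/LF (header
 * injection into the Location header).
 */
function safe_redirect_target($ref, $fallback = '/')
{
    if (!is_string($ref) || $ref === '') {
        return $fallback;
    }
    // Must begin with a single "/", not "//" or "/\", so no scheme or host
    // can be smuggled in front of the path.
    if (!preg_match('#^/(?![/\\\\])#', $ref)) {
        return $fallback;
    }
    // No control characters (CR/LF) and no backslashes anywhere.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $ref)) {
        return $fallback;
    }
    // Belt and braces: parse_url() must not find a scheme or host either.
    $parts = parse_url($ref);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $ref;
}

// Constructed sample inputs covering the scanner's payload plus the usual
// open-redirect variants; only the last two are passed through unchanged.
$samples = array(
    'javascript:alert(1);',
    'http://attacker.example/',
    '//attacker.example/',
    '/\\attacker.example/',
    "/user/profile\r\nSet-Cookie: x=1",
    '',
    '/user/profile?tab=2',
    '/site/index',
);
foreach ($samples as $s) {
    printf("%-40s -> %s\n", var_export($s, true), safe_redirect_target($s, '/user/login'));
}
```

In the controller the original block would then become `$this->redirect(safe_redirect_target(isset($_GET['ref']) ? $_GET['ref'] : null, '/user/login'));`, so an unexpected value lands on the login page instead of wherever the query string points. If the application genuinely needs to redirect to other hosts, keep an explicit allow-list of hostnames and compare the parsed host against it rather than trying to block bad prefixes.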
Thanks guys, I got an idea of how to fix the issue.