Document directory
Introduction
What is "cross-site scripting "?
Solutions
Solutions for mod_perl
Tainting + Apache: Request... Apache: taintrequest
Conclusions
Resources
By Paul Lindner
February 20,200 2
Introduction
The cross-site
This article illustrates the YII2 's XSS attack prevention strategy. Share to everyone for your reference, specific as follows:
XSS Vulnerability Fixes
Principle: Do not trust the data entered by the customerNote: The attack code is not
Have been confused about the functions of the two convert HTM characters as HTML entities, and queried the documentation, summarized as followsHtmlentities: Convert all applicable characters to HTML entities (converts all available characters to
PHP after a long period of development, many users are very familiar with PHP, here I published a personal understanding of the PHP string processing function, I hope to help everyone, PHP itself is a simple and powerful language.
The
This article mainly introduces Yii2's XSS attack prevention policies, analyzes in detail the XSS attack principles and Yii2's corresponding defense policies, for more information about Yii2 XSS attack prevention policies, see the following example.
PHP's ability to handle strings is very powerful, and there are a variety of ways, but sometimes you need to choose one of the simplest and most ideal solutions, the article lists 10 common string processing cases in PHP, and provides the most
Addcslashes-adds a backslash escape character for some characters inside a string
addslashes-characters inside a string are escaped in the specified manner
bin2hex-converts binary data to hexadecimal notation
alias function for Chop-rtrim
by Zhangxinxu from http://www.zhangxinxu.comThis address: http://www.zhangxinxu.com/wordpress/?p=1623Before the text begins, share two characters related to the Object.The first is a picture, a few characters and a contrasting picture that you want
Well, because it is pure small white, this problem may be a bit of food, the Great God forgive me ...
is to write PHP, need to echo special characters, such as "This symbol, when writing to PHP with escape \" Good or HTML code
"Well, what?
Ask you,
The article has incorrect or the rhetoric is not clear place, the trouble everybody pointed out ~ ~ ~
The configuration and functions associated with the PHP string escape are as follows:
1.magic_quotes_runtime
2.magic_quotes_gpc
3.addslashes ()
array_change_key_case-returns an array with a string key that is all lowercase or uppercase
array_chunk-to split an array into multiple
Array_combine-creates an array with the value of one array as its key name and the value of the other array as
Getelementbyid getelementsbyname getelementsbytagname difference and summary
1st Floor
Getelementbyid getelementsbyname getelementsbytagname difference and summaryIn the Web standard, you can use getelementbyid (), getelementsbyname (),
The following is a detailed analysis of common functions in PHP. For more information, see array_change_key_case. the returned string key names are all lowercase or upper-case arrays.
Array_chunk-divide an array into multiple
Array_combine-creates
addcslashes-using backslashes to escape characters in a string in C language style
addslashes-referencing strings with backslashes
bin2hex-converts binary data to hexadecimal notation
Aliases for Chop-rtrim
chr-returns the
Instance
The pre-defined HTML entity "
The HTML output of the above code is as follows (see source code):
this is some bold text.
The browser output of the above code is as follows:
This is some bold text.
Definition and usage
The
This paper describes the prevention strategy of XSS attack in Yii2. Share to everyone for your reference, as follows:
XSS Bug fix
Principle: Do not trust the data entered by the customerNote: The attack code is not necessarily in the
① flags The
This paper introduces the character escaping functions and security functions commonly used in PHP, and uses these functions to filter the most common attack methods, such as SQL injection.Contents of this section: PHP Escape character function
Markdown Syntax Instructions (Simplified Chinese version)/(click to see Quick Start)
Overview
Purpose
Compatible HTML
Automatic conversion of special characters
Chunk element
Paragraphs and line
Find an article on others' blogs to briefly introduce the differences and usage of outerhtml, innerhtml, and innertext. Let's share it with you.
The usage of outerhtml is different from that of innerhtml. outerhtml includes the entire tag, not
Magic Reference function for data in PHP MAGIC_QUOTES_GPC or magic_quotes_runtime
When set to on, the data we reference encounters single quotes ' and double quotes ' as well as backslashes, which automatically adds backslashes to help us
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.