XSS (Cross-Site Scripting) means a cross-site scripting attack; it is abbreviated XSS in order to distinguish it from the style sheet abbreviation CSS (Cascading Style Sheets).
Cross-site scripting is primarily used by attackers to read website users' cookies or other personal data. Once an attacker obtains such data, he can impersonate the user to log in to the site and gain that user's access.
General steps of a cross-site scripting attack:
1. The attacker sends an XSS HTTP link to the target user in some way.
2. The target user logs in to the website and, while logged in, opens the XSS link sent by the attacker.
3. The website executes the XSS attack script.
4. The target user's page jumps to the attacker's website, and the attacker obtains the target user's information.
5. The attacker uses the target user's information to log in to the website, completing the attack.
When a program has a cross-site scripting vulnerability, an attacker could construct a link similar to http://www.baidu.com/search.php?key= "method=" POST ">
The cross-site script is then inserted into the page.
The defense method is again to use htmlspecialchars to filter the output variables, or the form that is submitted to its own file
This directly avoids the $_SERVER["PHP_SELF"] variable being used for cross-site scripting.
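The defense described above, shown as an added example that is not part of the original article: a search page that reflects a key parameter and posts a form back to itself, once without escaping and once with htmlspecialchars applied at output time. The helper names (h, render_vulnerable, render_hardened) and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: a hypothetical search.php that reflects a "key" parameter
// and posts its form back to itself via $_SERVER["PHP_SELF"].

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES escapes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable: request data is copied into the page unescaped. */
function render_vulnerable(string $self, string $key): string
{
    return '<form action="' . $self . '" method="POST">'
         . '<input name="key" value="' . $key . '">'
         . '</form><p>Results for: ' . $key . '</p>';
}

/** Hardened: every request-derived value goes through h() when it is output. */
function render_hardened(string $self, string $key): string
{
    return '<form action="' . h($self) . '" method="POST">'
         . '<input name="key" value="' . h($key) . '">'
         . '</form><p>Results for: ' . h($key) . '</p>';
}

// Constructed inputs standing in for $_SERVER["PHP_SELF"] and $_GET["key"].
// PHP_SELF includes any path info that follows the script name, so it is
// request-controlled just like the query string.
$self = '/search.php/"><b>injected</b>';
$key  = '"><i>injected</i>';

echo "--- vulnerable ---\n", render_vulnerable($self, $key), "\n\n";
echo "--- hardened ---\n", render_hardened($self, $key), "\n";

// Check: the hardened page contains no tag built from the inputs.
$safe = render_hardened($self, $key);
$clean = strpos($safe, '<b>') === false && strpos($safe, '<i>') === false;
echo "\nhardened output free of injected tags: ", var_export($clean, true), "\n";
```

In the hardened output the quote and angle-bracket characters arrive as entities, so the browser displays the input as text instead of parsing it as markup.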
PHP Vulnerability Full Solution (IV) - XSS Cross-Site Scripting Attack