ONJava.com -- The Independent Source for Enterprise Java
  Autofilled PHP Forms
Subject:   Cross-site-scripting (XSS) security hole...
Date:   2006-03-25 04:58:32
From:   GavinAndresen
There's a security hole in the short example: $_SERVER['PHP_SELF'] should be htmlspecialchars($_SERVER['PHP_SELF']) to prevent cross-site-scripting attacks.

I've updated the examples in the .zip file. A good description of the attack can be found at:
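The fix the comment describes, as an added example that is not code from the ONJava article, from the poster, or from the updated .zip file. $_SERVER['PHP_SELF'] includes any extra path information appended to the script name, so it is attacker-controlled; the sample value below is constructed to show a string that breaks out of the action attribute, and the function names are assumptions for illustration:

```php
<?php
// Added example: the form-action pattern from the comment, shown as the
// vulnerable original beside the htmlspecialchars() fix. The request path
// is assigned here (constructed) so the script runs from the command line.

// Constructed sample: extra path info appended to the script name carries
// a closing quote and a marker tag, the shape of an XSS attempt.
$_SERVER['PHP_SELF'] = '/form.php/"><b>INJECTED</b>';

function unsafeFormTag(): string
{
    // Vulnerable: PHP_SELF is echoed raw into an HTML attribute, so the
    // embedded double quote terminates the attribute early.
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

function safeFormTag(): string
{
    // Fixed as the comment suggests: escape before output. ENT_QUOTES
    // covers both " and ' so the value is inert inside either quoting style.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

echo 'Unescaped: ' . unsafeFormTag() . PHP_EOL;
echo 'Escaped:   ' . safeFormTag() . PHP_EOL;
```

Run with `php example.php`: the unescaped line shows the attribute closed by the injected quote and the marker tag sitting in the page as live markup, while the escaped line keeps the whole path inside the attribute as character references. When reviewing PHP templates for this class of bug, search for every echo of `$_SERVER['PHP_SELF']`, `$_SERVER['REQUEST_URI']` or `$_GET` values into HTML and confirm each passes through htmlspecialchars() (or an equivalent context-aware encoder) first.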