Checking for XSS ?
| StinkFinger 2004-05-19, 1:30 am |
All,
Does the check below ensure that the files are originating from my server, i.e. to prevent or detect any type of XSS? Or is the HTTP_HOST easily spoofed?

function test ($refer)
{
    if (!stristr($refer, $_SERVER["HTTP_HOST"])) {
        die();
    } else {
    }
}

test ($_SERVER["HTTP_HOST"]);

Any better ideas?
Many thanks.
| R. Rajesh Jeba Anbiah 2004-05-21, 1:30 am |
"StinkFinger" <stinky@pinky.com> wrote in message news:<10alovs4861j233@corp.supernews.com>...
> All,
> Does the check below ensure that the files are originating from my server,
> i.e. to prevent or detect
> any type of XSS ? Or is the HTTP_HOST easily spoofed ?
>
> function test ($refer)
> {
> if (!stristr($refer, $_SERVER["HTTP_HOST"])) {
> die();
> } else {
> }
> }
>
> test ($_SERVER["HTTP_HOST"]);
>
> Any better ideas ?
Instead, create a session variable in one page and check for its presence in another page (just like a login mechanism).
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
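
The session-variable approach suggested in the reply above, as an added example that is not part of the original thread: page one stores a random token in the session, and page two accepts the request only if the same token comes back. The function names and the page_token key are hypothetical; posted_check() mirrors the check from the question to show that, as called there, it compares the client-supplied Host header with itself.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'page_token' session key are hypothetical.

// Page one: store a random token in the session and return it so the page
// can embed it in a hidden form field or a link to page two.
function issue_page_token(array &$session): string
{
    $session['page_token'] = bin2hex(random_bytes(32));
    return $session['page_token'];
}

// Page two: accept the request only if it carries the token that page one
// stored in this visitor's session. The token is single use.
function check_page_token(array &$session, $submitted): bool
{
    $expected = $session['page_token'] ?? null;
    unset($session['page_token']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // page one was never visited, or no token was sent
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// The check from the question, with the header value passed in explicitly.
// $_SERVER["HTTP_HOST"] is filled from the request's Host header, which the
// client chooses.
function posted_check(string $refer, string $httpHost): bool
{
    return (bool) stristr($refer, $httpHost);
}

// Constructed demonstration on a plain array. In a web page, call
// session_start() and pass $_SESSION and $_POST['page_token'] instead.
$session = [];
$token = issue_page_token($session);
var_dump(check_page_token($session, $token));   // token from page one
var_dump(check_page_token($session, $token));   // same token presented again
issue_page_token($session);
var_dump(check_page_token($session, 'guessed')); // token that was never issued

// The question calls test($_SERVER["HTTP_HOST"]), so both arguments are the
// same client-supplied value (constructed here).
$host = 'anything.example';
var_dump(posted_check($host, $host));
```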