Detri Amelia Chandra
Prevent XSS Injection Attacks On PHP Easily

21/05/2019
in PHP, Web Security

XSS Injection, also known as Cross-Site Scripting, is a type of code injection attack. Preventing XSS attacks in PHP is very important, so I will describe an easy trick to ward off XSS Injection attacks. Before going further: my previous article was about applying jQuery Mask to number fields in HTML and PHP forms; please read it if you have not yet applied it to your forms.

According to Wikipedia, XSS is carried out by an attacker injecting script into a site. The attack appears to come from the site itself, so it looks as if the site's programmer made a scripting error. As a result, the attacker can bypass web security on the client side, obtain sensitive information such as sessions, or even insert a very dangerous script that records all activity on the web page.

I will not explain the complete definition of XSS Injection here. For more details, please visit https://id.wikipedia.org/wiki/XSS for more complete information about XSS Injection.

Given the dangers of this injection technique, I will share a powerful script to ward off XSS Injection attacks in PHP. Here is the script:

```php
<?php
function antixss($data){
    // Fix &entity\n;
    // Double-escape already-escaped &amp; &lt; &gt; so that html_entity_decode()
    // below leaves them encoded, then normalise entities written with
    // whitespace or without a trailing ';' into their canonical form
    $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
    $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data);
    $data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
    $data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');
    // Remove any attribute starting with "on" or xmlns
    $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
    // Remove javascript: and vbscript: protocols (letters may be separated by control chars or spaces)
    $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);
    // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);
    // Remove namespaced elements (we do not need them)
    $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
    do
    {
        // Remove really unwanted tags; loop until nothing changes so that
        // tags nested inside stripped tags are removed as well
        $old_data = $data;
        $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
    }
    while ($old_data !== $data);
    // we are done...
    return $data;
}
```

How to apply it? It's easy: all you have to do is call the antixss function on every PHP input you need, for example POST, so that it becomes antixss($_POST['variable_name']); Consider the following example:

```php
<?php
// Apply the anti-XSS function to the POST or GET method
// Example for POST
$nama = antixss($_POST['nama']);
// Example for GET
$nama = antixss($_GET['nama']);
```
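The filter above strips dangerous markup from what comes in, but the value still has to be encoded when it is echoed back into the page. The following is an added example, not code from the original post, showing that output-side step with PHP's built-in htmlspecialchars(); the input string and the render_greeting() helper are constructed for illustration.

```php
<?php
// Added example, not part of the original post: antixss() only strips
// known-dangerous markup from input; whatever it returns must still be
// encoded when written into HTML. These helpers do that step.
declare(strict_types=1);

// Encode for HTML text and double-quoted attribute values. ENT_QUOTES
// encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Insert the (already filtered) name into two contexts: an attribute
// value and a text node. Both use esc() because the encoding is the same
// for these two contexts; URL and JavaScript contexts need different encoders.
function render_greeting(string $nama): string
{
    return '<p title="' . esc($nama) . '">Hello, ' . esc($nama) . '!</p>';
}

// Constructed sample input standing in for antixss($_POST['nama']).
$nama = 'Detri <b>Amelia</b> "Chandra"';
$html = render_greeting($nama);

// Self-check: the original tag and quotes do not survive into the markup.
assert(strpos($html, '<b>') === false);
assert(strpos($html, '"Chandra"') === false);
echo $html, PHP_EOL;
```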

Very easy, isn't it!!! … I myself had to search far and wide to get this function … hehe. I have applied various methods, but this function is very simple and practical. Because my heart is good, I share this antixss script for free with all readers of the DetriAmelia.com blog.

Well, that's my first article about preventing XSS Injection attacks in PHP easily. Hopefully it is useful; if you have any questions, please write them in the comments below. Don't forget to visit my blog often, because I will keep writing other useful articles.

Tags: PHP, Web Security, XSS Injection

Comments

  1. Atika Yahya says:
    4 years ago

    Oh my, it turns out to be so simple… saved my year of searching…

    • Detri Amelia Chandra says:
      4 years ago

      hehe, and it turns out this is really effective…

  2. Beren Warsidi says:
    4 years ago

    Very useful… already added one…

    • Detri Amelia Chandra says:
      3 years ago

      Thank you…

© 2022 Detri Amelia Chandra - IT Tips and Programming Tutorials.
