coercive/xss

Coercive Security Router

Maintainers

Details

github.com/Coercive/Xss

Homepage

Source

Issues

Installs: 1 244

Dependents: 1

Suggesters: 0

Security: 0

Stars: 3

Watchers: 3

Forks: 0

Open Issues: 0

0.0.8 2024-01-30 10:08 UTC

Requires

  • php: >=7

MIT de5667bab5276fa75070770ca8b4347057cee980

This package is auto-updated.

Last update: 2024-04-30 00:29:52 UTC

README

A simple detection of XSS attack in url. like '<' '>' and quotes...

Get

composer require coercive/xss

Load

use Coercive\Security\Xss;

# Test URL
$url = "https://mywebsite.com/?var='%22><script>alert();</script>";

# Load with construct param
$xss = new XssUrl($url);

# Or use setUrl on an alredy loaded instance
$xss = new XssUrl;
$xss->setUrl($url);

# Detect
if($xss->isXss()) { die; }

New detection optimisation

# Test encoded url with script => alert('XSS')
$url = "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x0027&#x29";

# Load with construct param
$xss = new XssUrl($url);

# Show example
echo '<a href="'.$url.'">BEFORE<a>';
echo '<br />';
echo '<a href="'.$xss->getFiltered().'">AFTER<a>';