LFS Forum - LFSWorld Replay Analyzer Non-persistent XSS

The online racing simulator

(5 posts, started Thu, 26 Aug 2010 11:50)

#1 - pezia

LFSWorld Replay Analyzer Non-persistent XSS

Thu, 26 Aug 2010 11:50

The raf1 and raf2 parameters are embedded directly into the HTML code.

#2 - Flame CZE

Thu, 26 Aug 2010 11:52

What do you mean?

#3 - pezia

Thu, 26 Aug 2010 12:01

#4 - Flame CZE

Thu, 26 Aug 2010 12:04

Heh, that should be fixed by htmlspecialchars() or another function.

#5 - pezia

Thu, 26 Aug 2010 12:18

Quote from Flame CZE :Heh, that should be fixed by htmlspecialchars() or another function.

I prefer htmlentities, with $quote_style = ENT_QUOTES

(5 posts, started Thu, 26 Aug 2010 11:50)

FGED GREDG RDFGDR GSFDG