Cross Site Scripting Help

04-09-2011, 06:32 AM
My website failed a PCI scan because of cross site scripting. The report gave an example of the code:


I don't understand how to code against this security failure. My site has an index.php file so I'm assuming I have to add some code in that file since the domain URL defaults to using that file.

I have a sanitize function being used on all the fields coming from the index.php file already. But I guess I'm still missing something.

Thanks for any help...

04-09-2011, 06:38 AM
Do you allow anything to be passed through the query string?

04-09-2011, 06:47 AM
Well, I have some of the fields passing data thru but they are run thru my sanitize function so I think they are ok. I guess I'm a bit puzzled about that Foo argument and how to detect/filter it? So I guess I don't know how to filter arguments that are not coming from my fields. Something is just not connecting in my brain.
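
Added example, not part of the thread: one way to handle a query-string argument that the page's own fields never define, such as the Foo argument mentioned above. It keeps only expected keys and HTML-encodes at the point of output; the parameter names, helper names and sample request are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Parameter and helper names are hypothetical.

// Query-string keys this page actually uses (assumed names).
const ALLOWED_PARAMS = ['name', 'email'];

// Keep only expected keys with plain string values. Anything else
// (an extra "Foo" argument, or array values like ?name[]=x) is dropped.
function allowed_query(array $query): array
{
    $clean = [];
    foreach (ALLOWED_PARAMS as $key) {
        if (isset($query[$key]) && is_string($query[$key])) {
            $clean[$key] = $query[$key];
        }
    }
    return $clean;
}

// Encode for an HTML context at the point of output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rebuild the page's own URL from known parts instead of echoing
// $_SERVER['REQUEST_URI'] or $_SERVER['QUERY_STRING'] back into the HTML.
function self_url(array $params): string
{
    $qs = http_build_query($params);
    return '/index.php' . ($qs !== '' ? '?' . $qs : '');
}

// Constructed sample request: one expected field plus an unexpected argument.
$request = ['name' => 'Ann "A" <b>', 'Foo' => '"><i>x</i>'];
$params  = allowed_query($request);

echo '<form action="' . h(self_url($params)) . '" method="get">', "\n";
echo '<input name="name" value="' . h($params['name'] ?? '') . '">', "\n";
echo '</form>', "\n";
```

In the output the Foo value never appears, and the quotes and angle brackets in the name field are emitted as HTML entities rather than markup.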