Gist apurvagupta/5b9a88b48e829dadd95c (last active March 1, 2016 08:06)
Solutions:

//Solution #1 : Validation. Only characters in the allowlist reach the page, so the
// echoed value cannot contain < > " or ' and cannot break out of the <h2> text node.
// The D modifier stops $ from matching before a trailing newline.
<?php
$query = isset($_GET['query']) ? $_GET['query'] : '';
if (preg_match('/^[ A-Za-z0-9_@.#&-]*$/D', $query)) { ?>
    <div class="column prepend-1 span-24 first last">
        <h2>Pictures that are tagged as '<?= $query ?>'</h2>
        <?php thumbnail_pic_list($pictures); ?>
    </div>
<?php } else { ?>
    <div class="column prepend-1 span-21 first last">
        <h3 class="error">Not Valid Format</h3>
    </div>
<?php } ?>

//Solution #2 : Escape the HTML metacharacters on output. ENT_QUOTES also encodes
// single quotes, so the result is safe in a text node or a quoted attribute.
$guest["comment"] = htmlspecialchars($guest["comment"], ENT_QUOTES, 'UTF-8');

//Solution #3 : Whitelisted HTML tags. strip_tags() leaves the attributes of an
// allowed tag untouched, so <img src=x onerror=...> passes through unchanged.
$guest["comment"] = strip_tags($guest["comment"], '<b><img>');

//Solution #4 : Replacing onload with onlaad. stripos() returns 0 when the match is
// at the start of the string, so the original "> 0" test skipped that case; compare
// against false instead. This is a blocklist for one handler name only and does not
// cover onerror, onmouseover, <script>, etc.
if (stripos($guest["comment"], "onload") !== false) {
    $guest["comment"] = str_ireplace("onload", "onlaad", $guest["comment"]);
}
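The following is an added example, not code from the gist: it runs the four approaches above against a handful of constructed attack strings so the gaps in #3 and #4 are visible side by side with #2. The function names (`isValidQuery`, `escapeHtml`, `stripToAllowedTags`, `neuterOnload`, `stillExecutable`) and the payloads are assumptions introduced here; `stillExecutable` is a rough regex check for the demo, not a general XSS detector.

```php
<?php
declare(strict_types=1);

// Solution #1: allowlist validation. The D modifier makes $ reject a trailing
// newline; the gist's regex without D would accept "cats\n" (harmless in a text node).
function isValidQuery(string $query): bool
{
    return preg_match('/^[ A-Za-z0-9_@.#&-]*$/D', $query) === 1;
}

// Solution #2: output encoding for an HTML text node or quoted attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Solution #3: tag allowlist. strip_tags() keeps every attribute of an allowed
// tag, so an on* handler on <img> or <b> survives.
function stripToAllowedTags(string $value): string
{
    return strip_tags($value, '<b><img>');
}

// Solution #4: blocklist substitution of a single handler name.
function neuterOnload(string $value): string
{
    return str_ireplace('onload', 'onlaad', $value);
}

// Demo-only check: does the output still contain a <script> tag, or a real
// event-handler attribute inside an unescaped tag? (Hypothetical helper.)
function stillExecutable(string $html): bool
{
    return preg_match('/<script\b|<[a-z]+[^>]*\bon(load|error|mouseover|click)\s*=/i', $html) === 1;
}

// Constructed attack strings for the demonstration (not captured from any site).
$comments = [
    'plain'       => 'Nice picture!',
    'script'      => '<script>alert(1)</script>',
    'img_onerror' => '<img src=x onerror=alert(1)>',
    'body_onload' => '<body onload=alert(1)>',
    'b_handler'   => '<b onmouseover=alert(1)>hover</b>',
];

$filters = [
    '#2 htmlspecialchars' => 'escapeHtml',
    '#3 strip_tags'       => 'stripToAllowedTags',
    '#4 onload->onlaad'   => 'neuterOnload',
];

foreach ($comments as $name => $comment) {
    printf("%-12s %s\n", $name, $comment);
    foreach ($filters as $label => $fn) {
        $out = $fn($comment);
        printf("  %-20s %-7s %s\n", $label, stillExecutable($out) ? 'UNSAFE' : 'ok', $out);
    }
}

// Solution #1 applied to the tag-search query.
foreach (['cats', 'cat pics #2', '<script>alert(1)</script>', "cats\n"] as $q) {
    printf("query %-28s %s\n", json_encode($q), isValidQuery($q) ? 'accepted' : 'rejected');
}
```

Run it with `php demo.php`. Only #2 neutralizes every payload; #3 lets the `<img onerror>` and `<b onmouseover>` strings through untouched because strip_tags() only filters tag names, and #4 defeats nothing except the literal `onload` handler. If markup must be allowed in comments, the fix is an attribute-aware sanitizer rather than a longer blocklist.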