View XSS Protection in 5 common contexts
<?php
/**
 * XSS protection function for the HTML context only
 * @usecases
 * <title>use this function if output reflects here or as the content of any HTML tag.</title>
 * e.g., <span>use this function if output reflects here</span>
 * e.g., <div>use this function if output reflects here</div>
 * @description
 * Sanitize/Filter < and > so that an attacker cannot leverage them for JavaScript execution.
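Worked example of the HTML-context encoding the docblock describes, added here and not taken from the original snippet: `filterAngleBrackets` neutralises only `<` and `>` as described, while `encodeForHtmlBody` encodes all five HTML-significant characters with `htmlspecialchars`; the function names and the sample string are constructed for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Encode untrusted data for the HTML body context, i.e. text placed between
 * tags such as <div>...</div> or <title>...</title>. Encoding (rather than
 * stripping) keeps the reader's text intact while making it inert as markup.
 */
function encodeForHtmlBody(string $untrusted): string
{
    // ENT_QUOTES: encode both " and ' ; ENT_SUBSTITUTE: replace invalid UTF-8
    // instead of returning an empty string; ENT_HTML5: HTML5 entity table.
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Minimal variant matching the docblock above: only < and > are neutralised.
 * Sufficient for text between tags, but quotes pass through unchanged, so it
 * must not be reused inside attribute values, JavaScript, URLs or CSS, which
 * are separate contexts with their own encoding rules.
 */
function filterAngleBrackets(string $untrusted): string
{
    return str_replace(['<', '>'], ['&lt;', '&gt;'], $untrusted);
}

/**
 * Defensive check for the HTML body context: after encoding, no raw angle
 * bracket may remain, otherwise a new tag could still be opened.
 */
function isInertInHtmlBody(string $encoded): bool
{
    return strpos($encoded, '<') === false && strpos($encoded, '>') === false;
}

// Constructed sample: benign text that happens to contain every special character.
$sample = '<b>Tom & "Jerry"</b> \'quoted\'';

foreach (['encodeForHtmlBody', 'filterAngleBrackets'] as $fn) {
    $encoded = $fn($sample);
    printf("%-20s inert=%s  <div>%s</div>\n", $fn, var_export(isInertInHtmlBody($encoded), true), $encoded);
}
```

Both functions pass the body-context check on this input; the difference shows in the quotes, which only `encodeForHtmlBody` encodes.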