Hackerss.com

hackerss
hackerss

Posted on

Php Validate input string for cross site scripting


function validateInput($input) {
  //check if input is empty
  if(empty($input)) {
    return false;
  }
  //check if input is a string
  if(!is_string($input)) {
    return false;
  }
  //check if input contains html tags
  if(strpos($input, '<') !== false || strpos($input, '>') !== false) {
    return false;
  }
  //check if input contains comments
  if(strpos($input, '<!--') !== false || strpos($input, '-->') !== false) {
    return false;
  }
  //return true if all checks pass
  return true;
}

//example
$result = validateInput('<h1>Hello World</h1>');

//output
echo $result; //false
Enter fullscreen mode Exit fullscreen mode

Top comments (0)