Question

Can anyone please tell me how to perform Cross Site Scripting (XSS) in a website? What are the different types of scripts that can be inserted into textboxes or the address bar?

Solution

Cross-site scripting (XSS) appears when you try to print an unfiltered variable.

Simply, he can use JavaScript code like <script>alert(1)</script>

and any other HTML or JS code.

To secure it, I think you can use

htmlspecialchars(), htmlentities(), strip_tags()

But there is a way to bypass htmlspecialchars, only if magic_quotes is off and the variable is in a link.

Here one can use onmouseout='alert(1)'

or something like this.

There is the way to test and defend.

Best regards
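
The single-quoted attribute case the answer mentions, as an added example that is not part of the original answer: htmlspecialchars() with ENT_COMPAT (the default flag set before PHP 8.1) leaves ' unescaped, so a value printed inside a single-quoted attribute can close it, while ENT_QUOTES keeps the value inside the attribute. The function names, the /profile URL and the sample input are assumptions made for illustration, and the check uses PHP's DOM extension.

```php
<?php
// Constructed sample input, standing in for a request parameter.
$input = "x' onmouseout='alert(1)";

// Weak: ENT_COMPAT escapes & < > and " but not ', and the template
// wraps the value in single quotes.
function link_weak(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
    return "<a href='/profile?name=" . $escaped . "'>profile</a>";
}

// Hardened: same template, but ENT_QUOTES also turns ' into &#039;,
// so the value cannot terminate the attribute it is printed in.
function link_hardened(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href='/profile?name=" . $escaped . "'>profile</a>";
}

// Defensive check: parse the markup the way a browser would and list the
// attributes that ended up on the <a> element. Anything besides href
// means user input escaped its attribute.
function anchor_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

foreach (['weak' => link_weak($input), 'hardened' => link_hardened($input)] as $label => $html) {
    $attrs = anchor_attributes($html);
    $verdict = ($attrs === ['href']) ? 'contained' : 'attribute injected';
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', $attrs), ' (', $verdict, ')', PHP_EOL;
}
```

The same attribute-listing check can be run in a unit test over every template that prints request data into an attribute.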

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow