How to avoid XSS Attack or Sanitize the $_GET's KEY parameter via PHP

Question

I just tested a link below, will have XXS attack on IE11.

http://example.net/test/?"*alert(1)*"

I had find many of the way to sanitize the url parameter. Mostly all the solution is sanitize $_GET's value instead of $_GET's key like this url Sanitize $_GET parameters to avoid XSS and other attacks

But above's url i provide when i print_r my $_GET is Array ( ["*alert(1)*"] => )

So can i know how to avoid this kind of attack ? They attack using $_GET's key instead of value.

Thanks lot.

Answer 1

founded my solution, I need rewrite HTACESS to redirect from http call to https. so that in https environment it will prevent xss attack when they type in their url.

Answer 2

XSS attacks occurs when printing malicious code but the code should be executable according to HTML and JavaScript rules. for instance, printing *alert(1)* will not issue any alert (will not be executed) if its not properly written. however,

<script>alert(1)</script>

and

<div onclick="alert(1);"...>

Will be executed.

For more detail you can see XSS (Cross Site Scripting) Prevention Cheat Sheet