XSS: REQUEST_URI run through htmlspecialchars() - then replacing & with & - enough to prevent XSS injection?
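As an added example (not code from the question or from any answer on this page), the PHP below shows what htmlspecialchars() does and does not cover when REQUEST_URI is reflected into a page. The sample request URI and the function names are constructed for illustration. Two practical points it makes: htmlspecialchars() already turns & into &amp;, so a separate replacement is redundant at best and double-encodes at worst; and escaping only neutralises the HTML characters, so a javascript: URI dropped into an href passes through untouched unless the URI is also validated.

```php
<?php
// Added example, not from the original question or answers.
// Shows what htmlspecialchars() covers when REQUEST_URI is reflected into
// an href, and what it leaves to the caller. The URI below is a constructed
// sample, not a captured request.

declare(strict_types=1);

// Constructed sample: attacker-controlled path and query, as a page might
// reflect it in a "current page" link or a form action attribute.
$requestUri = "/search.php?q=\"><script>alert(1)</script>&x='onmouseover='alert(2)";

// 1. Reflecting the raw value: the obvious XSS.
function renderRaw(string $uri): string
{
    return '<a href="' . $uri . '">current</a>';
}

// 2. htmlspecialchars() with explicit flags. Before PHP 8.1 the default
//    flag was ENT_COMPAT, which leaves single quotes alone, so a
//    single-quoted attribute could still be broken out of. Passing
//    ENT_QUOTES and the charset avoids depending on the PHP version.
//    Note that & is already emitted as &amp; here; a second str_replace()
//    of & would turn it into &amp;amp;.
function renderEscaped(string $uri): string
{
    $safe = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">current</a>';
}

// 3. Escaping is not validation. "javascript:alert(1)" contains no HTML
//    special characters, survives htmlspecialchars() unchanged, and is live
//    as soon as it lands in an href. Restrict the value to the shape the
//    page expects: a path-absolute, same-origin URI (a single leading "/",
//    not "//", which browsers treat as scheme-relative).
function safeHrefFromRequestUri(string $uri): string
{
    if (!preg_match('#^/(?!/)[^\s]*$#', $uri)) {
        $uri = '/';
    }
    return htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo renderRaw($requestUri), "\n";
echo renderEscaped($requestUri), "\n";
echo '<a href="' . safeHrefFromRequestUri('javascript:alert(1)') . '">current</a>', "\n";
echo '<a href="' . safeHrefFromRequestUri($requestUri) . '">current</a>', "\n";
```

The escaped form is sufficient for an HTML text node or a quoted attribute value; it is not sufficient inside a <script> block or an inline event handler, where a JavaScript-context encoder is needed instead.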

Sijmen Ruwhof made this interesting point that I feel is relevant.

I once used really weird code for escaping URLs, but I bet this can be done better. Furthermore, this does not cover the HTML special chars yet; it was just used for saving URLs to the database.

