mirror of https://github.com/danog/psalm.git synced 2025-01-21 21:31:13 +01:00

Update TaintedTextWithQuotes.md

This commit is contained in:
Matthew Brown 2021-06-10 17:55:07 -04:00 committed by GitHub
parent f2f5f1eaa2
commit eb3e395138
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
@ -32,7 +32,7 @@ Passing `');alert('injection');//` as a `GET` param here would would cause the `
## Mitigations
- Sanitize user-input by using functions such as `htmlentities` or use an allowlist.
- Sanitize user input by using functions such as `htmlentities` with the `ENT_QUOTES` flag or use an allowlist.
- Set all cookies to `HTTPOnly`.
- Consider using Content Security Policy (CSP), to limit the risk of XSS vulnerabilities.
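Review bot: the context line quoted in the hunk header still reads `would would cause the`; since this commit already edits the same file, the duplicated word could be fixed in the same change. On the added mitigation line, it would help the reader to say why the flag matters here: the payload in that context line begins with `')`, and `htmlentities` without `ENT_QUOTES` leaves single quotes unencoded, so the string breakout shown above would still work without the flag. One phrasing: "using functions such as `htmlentities` with the `ENT_QUOTES` flag (so single quotes are encoded too)".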