Jochem Maas napsal(a):
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script>....</script>
then what? it shows an alert(), who cares?
replace the alert() with some code that passes the cookie to a hacker controlled
domain. now create a URL that includes the given javascript:
echo 'http://mzvarik.com/foo?somevar='.urlencode('<script
type="text/javascript">/*evil code here*/</script>');
send url to unsuspecting users of your site. anyone know clicks the URL
has just had their cookies hijacked.
still don't mind?
AHA, I see.
There's a PHP configuration that cookies are available on HTTP side
only, that should provide the desired security in this case, right?
