Hi all,

I'm looking at adding a new search feature to my site, and one of the
elements of this is to echo back in the search results page, the
original string the user searched for. Up until now, XSS hasn't (afaik)
been an issue for my site, but I can see from a mile off this will be.
What would you guys recommend to avoid this?

I'd thought initially of using a mixture of htmlspecialchars() and a
regex (as yet not sure what I'll be stripping out with this) to sanitise
the output for display on the results page, but is this enough?

Thanks
Ash
www.ashleysheridan.co.uk
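
One way to do the escaping described above, as an added example that is not from the original post: the search string is escaped once with htmlspecialchars() and written into both an HTML text node and a quoted attribute value, which ENT_QUOTES makes safe for. The function names esc_html and render_search_header and the sample input are my own.

```php
<?php
// Added example (not from the original post): escape the user's search
// string at output time, for each HTML context it is written into.

declare(strict_types=1);

// Escape for HTML text and attribute values. ENT_QUOTES covers both
// " and ' so the same output is safe inside quoted attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty
// string, and the explicit charset keeps the encoder and the page in
// agreement about what a byte means.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the fragment of the results page that echoes the query back:
// once as visible text, once as the prefilled value of the search box.
// No stripping is done; the raw string is kept (e.g. for the actual
// search) and only the rendered copy is encoded.
function render_search_header(string $query, int $hits): string
{
    $safe = esc_html($query);
    return '<p>' . $hits . ' results for &quot;' . $safe . '&quot;</p>' . "\n"
         . '<form method="get" action="/search">' . "\n"
         . '  <input type="text" name="q" value="' . $safe . '">' . "\n"
         . '</form>' . "\n";
}

// Constructed sample input containing tags and both quote styles; in
// the output every < > " ' & is an entity, so nothing is parsed as markup.
$sample = 'shoes "cheap" <script>alert(1)</script> it\'s';
echo render_search_header($sample, 0);
```

Encoding belongs at the point of output, per context: the same string written into a JavaScript block or a URL would need that context's encoder rather than htmlspecialchars().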
