Ensure to escape all data before output to prevent XSS.

I have uploaded an OpenCart Extension, but it is requested by the reviewer "Ensure to escape all data before output to prevent XSS." I have designed it according to OpenCart Standards. What should I do now?

You should make sure to test the entire app for XSS and fix any vulnerabilities. If you are not sure what XSS means or how it works, check here for some great examples: https://www.veracode.com/security/xss

To fix it, consider using regular expressions to make sure input is in the proper format, or use htmlspecialchars() on input that doesn’t have a specific format (like a search field).

1 Like
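
An added example (not from the thread and not OpenCart's own code) of the two measures suggested in the answer above: an allow-list regular expression for input with a fixed format, and htmlspecialchars() applied at output time for free-form text. The helper names, field names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical validator for a field with a fixed format (a hex colour).
function valid_hex_colour(string $value): bool
{
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    return preg_match('/\A#[0-9a-fA-F]{6}\z/', $value) === 1;
}

// Constructed sample input standing in for request data.
$post = [
    'colour' => '#ff8800"><script>alert(1)</script>',
    'search' => '<img src=x onerror=alert(1)>',
];

// Fixed-format field: anything that does not match falls back to a default.
$colour = valid_hex_colour($post['colour']) ? $post['colour'] : '#000000';

// Free-form field: keep the raw value and escape it where it is printed.
$search = $post['search'];

echo '<div style="color: ' . e($colour) . '">' . "\n";
echo '  <input type="text" name="search" value="' . e($search) . '">' . "\n";
echo '  <p>Results for: ' . e($search) . '</p>' . "\n";
echo '</div>' . "\n";
```

htmlspecialchars() covers HTML text and quoted attribute values only; a value placed inside a `<script>` block or a URL needs encoding for that context instead, for example json_encode() for JavaScript data.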

Thank you for your kind response. But I have developed the OpenCart Extension which is already secure regarding XSS. I have checked the OpenCart default extensions; they have the same methodology as I did. They do not use htmlspecialchars() on input fields on the admin panel.

Hi

Hope this will help you to understand and fix the issues: https://forum.opencart.com/viewtopic.php?t=102623

Thanks

1 Like

Thank you for sharing the forum link. I have already fixed the issue using this forum. Thanks again.

1 Like