my item was soft rejected due to xss! issue. i check my script many time . i used HTML::encode() for prevent script execution, and every data comes from SQL are encoded, but reviewer still give reason of Xss! issue for soft reject. can you check my website to find out the loop hole in my script. and where is the place in which reviewer insert javascript in my website.
NOTE : my item based on YII2 advanced framework
kwike dating
Hey. How to check admin panel?
i not find xss in front end
thanks for review my item. sir i checked many time i never found any XSS issue. i think script has a feature of add adsense script to the website. so i think reviewer use this section to execute the js code in the script
Hi, Could you please help me to find whether my script has XSS vulnerabilities?
Hi!
Create new topic and maybe community will help you.
You can use HtmlPurifier helper.
Avoiding XSS is quite easy in Yii. There are generally two cases:
- You want data to be outputted as plain text.
- You want data to be outputted as HTML.
If all you need is plain text then escaping is as easy as the following:
<?= \yii\helpers\Html::encode($username) ?>
If it should be HTML we could get some help from HtmlPurifier:
<?= \yii\helpers\HtmlPurifier::process($description) ?>
Note that HtmlPurifier processing is quite heavy so consider adding caching.
i posted the demo link on the topic that i have created