RECRUITMENT AGENCY MANAGEMENT SYSTEM (Laravel) XSS Rejected!

Hi guys,

I need your help to understand how reviewers test the scripts for XSS. What tools are they using?
So that I can use it and fix the issue.

It's been rejected for XSS.

Thank you guys in advance.

Hello!

2 Likes

Hi,

Thank you for the help. I will now check my whole code and start validating every input to avoid XSS issues.

Let's say that my system has no XSS issues and all inputs are validated. Do you think it is okay to resubmit?

Sorry, this is my first time joining this community and uploading a project.

Thanks

Hello March023,

I think that most reviewers just test against basic XSS protection. Meaning that they only complain when it seems that you have no XSS protection in place, at all.

$str = strip_tags($input);

is the bare minimum protection that you can have in PHP.

For a more complete XSS protection, replace quotes with HTML entities in strings and find a way to prevent javascript: and vbscript: protocols.

Cheers!

1 Like
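
The points in the answer above, as an added example that is not part of the thread or any poster's code: `strip_tags()` leaves quotes untouched, so output is entity-encoded with `htmlspecialchars()` and link targets are checked against a scheme allow-list. The helper names `esc_html` and `safe_url` and all sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Encode for HTML text or a quoted attribute: & < > " ' all become entities.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow only http(s) URLs and relative references; anything else becomes "#".
// (Hypothetical helper, named for this example.)
function safe_url(string $url): string
{
    // Browsers drop tabs, newlines and leading control characters before parsing
    // a URL, so test a lowercased copy with all of them (and spaces) removed.
    $probe = strtolower(preg_replace('/[\x00-\x20\x7F]+/', '', $url) ?? '');

    // A scheme is a letter, then letters/digits/+/./-, followed by ":".
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/', $probe, $m) === 1) {
        return in_array($m[1], ['http', 'https'], true) ? trim($url) : '#';
    }
    return trim($url); // no scheme: relative reference
}

// Constructed sample inputs (not taken from the thread).
$name  = 'x" onmouseover="alert(1)';
$links = ["JaVa\tScript:alert(1)", ' vbscript:msgbox(1)',
          'https://example.com/cv?id=7&tab=2', '/jobs/42'];

// strip_tags() finds no tag here, so the double quote passes through unchanged
// and would end a value="..." attribute early.
echo 'strip_tags changed the input: ',
     var_export(strip_tags($name) !== $name, true), "\n";

// Entity-encoding keeps the whole string inside the attribute value.
echo '<input name="title" value="', esc_html($name), '">', "\n";

// Scheme check first, then encode the result for the href attribute.
foreach ($links as $link) {
    echo '<a href="', esc_html(safe_url($link)), '">link</a>', "\n";
}
```

In a Laravel Blade template, `{{ $value }}` applies the same `htmlspecialchars()` encoding, while `{!! $value !!}` prints the value unencoded.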

Thank you so much @Honeyside

I am now working with that, but I don't think I can resubmit it coz it's a hard reject…

I feel bad for my hard reject, they don't give me a second chance to improve my project.

Anyway, I appreciate your help.

Thanks again