(XSS) comes into the picture.
What is XSS?
Refer to the following URL:
< src="" text="< script">alert(document.cookie)< / script>"> < / iframe>
In this way, any script can be inserted into another site's web pages to fool users into giving up important information. In this kind of attack, the user normally never realizes that their important information is being taken by some other application.
This is a simple example and will not cause much damage to your site, but an attacker can do much more than this with the help of XSS.
Other XSS attacks
These kinds of attacks are used for hacking user accounts, changing user settings, cookie theft, or advertising.
How to prevent such attacks?
Cleansing the query string variables is the only way you can prevent such attacks.
Cleansing the Query String - PHP:
string strip_tags ( string $str [, string $allowable_tags ] )
This function tries to return a string with all HTML and PHP tags stripped from a given str.
string htmlentities ( string $string [, int $quote_style [, string $charset [, bool $double_encode ]]] )
Use the above functions, or write your own function that combines all such stripping functionality.
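The following is an added example, not code from the original page: it runs strip_tags(), htmlentities() and a combined cleaner over the same query-string values so the difference between them is visible. The function names, the `text` field name and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. Helper names are hypothetical; sample inputs are constructed.

/**
 * Encode a value for output in HTML text or inside a quoted attribute.
 * ENT_QUOTES encodes both " and '. Before PHP 8.1 the default flag was
 * ENT_COMPAT, which leaves single quotes unencoded, so set it explicitly.
 */
function encode_for_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Combined cleaner as the text suggests: strip tags first, then encode. */
function clean_query_value(string $value): string
{
    return encode_for_html(strip_tags($value));
}

/** Place an already encoded value into a double-quoted attribute. */
function render_input(string $encoded): string
{
    return '<input name="text" value="' . $encoded . '">';
}

// Constructed values standing in for $_GET['text'].
$samples = [
    // Tag-based input: strip_tags() removes the tags themselves.
    'script tag'      => '<script>alert(document.cookie)</script>',
    // No tags at all: strip_tags() returns this unchanged, so only the
    // quote encoding keeps it from closing the value="" attribute.
    'attribute break' => '" onmouseover="alert(1)',
    // Legitimate text: strip_tags() does not validate HTML and can drop
    // text after a bare "<", while encoding alone preserves it.
    'plain text'      => 'Tom & Jerry <3',
];

foreach ($samples as $label => $raw) {
    echo $label, "\n";
    echo '  raw:        ', $raw, "\n";
    echo '  strip_tags: ', strip_tags($raw), "\n";
    echo '  encoded:    ', encode_for_html($raw), "\n";
    echo '  combined:   ', clean_query_value($raw), "\n";
    echo '  in markup:  ', render_input(clean_query_value($raw)), "\n\n";
}
```

Run it from the command line with `php` and compare the `strip_tags` and `encoded` rows for each sample.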