Comments on: Preventing a WordPress XSS Attack: Complete Guide to Validating, Sanitizing, and Escaping Data
https://wpshout.com/wordpress-xss-attack/
A hub for advanced WordPress users, developers & savvy business owners.
Tue, 08 Dec 2020 01:35:22 +0000

By: Tim
https://wpshout.com/wordpress-xss-attack/#comment-21420
Tue, 08 Dec 2020 01:35:22 +0000

I am using esc_html, yet a security scan is still failing for a reflected XSS.

A URL value is passed like this:

to_amt=1″%27>%20

The PHP code renders it to the value and uses the esc_html function:

<input type="number" name="to_amt" " value="”>

Then it seems to swap the %27 for a backslash and the rendered code looks like this:

“>

Any idea why?

By: David Hayes
https://wpshout.com/wordpress-xss-attack/#comment-21419
Wed, 10 Jun 2020 02:46:03 +0000

In reply to Aisha Henderson.

Thanks Aisha 🙂

By: Aisha Henderson
https://wpshout.com/wordpress-xss-attack/#comment-21418
Wed, 27 May 2020 14:36:27 +0000

This is one of the best articles I’ve read in a while concerning XSS attacks. Thank you for taking the time to share your knowledge.

By: Lisa
https://wpshout.com/wordpress-xss-attack/#comment-21417
Tue, 26 May 2020 19:40:05 +0000

Tried to get the bonus video for the example of an XSS attack. When I input my email address, I get: "Oops! It looks like there was an error: There was an error with your submission: 404: The requested resource could not be found."

By: David Hayes
https://wpshout.com/wordpress-xss-attack/#comment-21416
Mon, 23 Oct 2017 23:38:03 +0000

Thanks Obi! Just added it 🙂
