Web Security

  1. A few web security topics every web engineer must know (original title in Chinese: 身為 Web 工程師,你一定要知道的幾個 Web 資訊安全議題)
    https://medium.com/starbugs/%E8%BA%AB%E7%82%BA-web-%E5%B7%A5%E7%A8%8B%E5%B8%AB-%E4%BD%A0%E4%B8%80%E5%AE%9A%E8%A6%81%E7%9F%A5%E9%81%93%E7%9A%84%E5%B9%BE%E5%80%8B-web-%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E8%AD%B0%E9%A1%8C-29b8a4af6e13
  2. http://www.lenashane.com/article/20151104-1035.html
  3. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    http://cwe.mitre.org/data/definitions/79.html

PHP: HTML-encode strings retrieved from the DB before writing them into a page (stored XSS prevention)

<?php
// Untrusted value, e.g. a field read back from the database.
$str = '<script>alert("ok");</script>';
// Printed as escaped text: the browser shows the tag literally instead of running it.
echo filter_sql($str);

// Note: despite the name, this is HTML output encoding, not SQL escaping.
// It protects the HTML body and quoted attribute contexts; use prepared
// statements for SQL and a different encoder for JavaScript or URL contexts.
function filter_sql($str){
    // ENT_QUOTES escapes both " and ' so the value cannot break out of a
    // single-quoted attribute; 'UTF-8' must match the page's charset.
    $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
    return $str;
}
  1. htmlspecialchars (escape output that must be shown as text) vs. HTMLPurifier (sanitize when a subset of HTML must be allowed through)
    https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php
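The following is an added example, not code from the original page or the linked articles. It renders constructed sample rows (standing in for a DB query result) with the vulnerable raw concatenation next to the hardened form, and shows two caveats of htmlspecialchars that the snippet above does not: ENT_COMPAT (the pre-PHP 8.1 default) leaves single quotes alone, so a value can still break out of a single-quoted attribute, and without ENT_SUBSTITUTE an invalid UTF-8 byte sequence makes the function return an empty string. The function and row names are assumptions for illustration.

```php
<?php
// Added example (not from the original page). Sample rows are constructed.
declare(strict_types=1);

// Escape a value for the HTML body or a quoted attribute.
// ENT_QUOTES:     escape both " and '.
// ENT_SUBSTITUTE: replace invalid UTF-8 with U+FFFD instead of returning "".
// ENT_HTML5:      use HTML5 entity rules (e.g. ' becomes &apos;).
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable: the DB value is concatenated straight into attribute and body.
function render_vulnerable(array $row): string
{
    return '<li data-name=\'' . $row['name'] . '\'>' . $row['name'] . '</li>';
}

// Hardened: every untrusted value is encoded for its HTML context.
function render_safe(array $row): string
{
    $name = escape_html($row['name']);
    return '<li data-name=\'' . $name . '\'>' . $name . '</li>';
}

// Constructed rows, as a query for user display names might return them.
$rows = [
    ['name' => 'alice'],
    ['name' => '<script>alert("ok");</script>'],          // body injection
    ['name' => "' onmouseover='alert(1)"],                 // single-quote attribute breakout
    ['name' => "bad \xC3\x28 utf8"],                        // invalid UTF-8 sequence
];

foreach ($rows as $row) {
    echo "VULNERABLE: ", render_vulnerable($row), PHP_EOL;
    echo "SAFE:       ", render_safe($row), PHP_EOL;
}

// Caveat 1: ENT_COMPAT only converts double quotes, so the third row still
// escapes a single-quoted attribute. Before PHP 8.1 this was the default flag.
$breakout = "' onmouseover='alert(1)";
echo "ENT_COMPAT leaves ' alone: ",
     htmlspecialchars($breakout, ENT_COMPAT, 'UTF-8'), PHP_EOL;
echo "ENT_QUOTES escapes it:     ",
     htmlspecialchars($breakout, ENT_QUOTES, 'UTF-8'), PHP_EOL;

// Caveat 2: without ENT_SUBSTITUTE, invalid UTF-8 yields an empty string,
// silently dropping the value rather than failing loudly.
$broken = "bad \xC3\x28 utf8";
echo "no ENT_SUBSTITUTE -> empty: [",
     htmlspecialchars($broken, ENT_QUOTES, 'UTF-8'), "]", PHP_EOL;
echo "ENT_SUBSTITUTE -> kept:     [",
     htmlspecialchars($broken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "]", PHP_EOL;
```

Run with `php example.php`. The encoder above covers only the HTML text and quoted-attribute contexts; a value written into an inline `<script>` block, an `href`, or a CSS property needs the encoder for that context, and values that must keep some markup should go through HTMLPurifier rather than htmlspecialchars.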