I'm running two PHP applications on a web server.
I have two questions:
1. I replaced "on" to on using str_replace to prevent XSS attacks. So if someone tries "onreadystatechange='something'",
it appears like "onreadystatechange='something'" on the admin's page.
Is there any way to put "'onreadystatechange='something'"?
2. I replaced "" to <,> so if someone tries to put ,
it shows <img src=""> on my admin's page.
Is there any way to put on my admin's page?
I can't show you my website; it's groupware and for the company only.
I'm asking these because I've got to know, so I can protect my application.
Thank you for reading,
and if my budget's too small then let me know.
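
The post describes filtering input with str_replace. The usual alternative is to store the input unchanged and encode it at output time for the context it lands in. This is an added example, not part of the original post; the helper names `esc_html`, `esc_js` and `esc_url` are hypothetical, and the sample strings are constructed from the ones quoted in the post.

```php
<?php
declare(strict_types=1);

// Encode for HTML element content and for quoted attribute values.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value placed inside a <script> block: a JSON string literal with
// <, >, &, ' and " emitted as \uXXXX escapes.
function esc_js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Allow only absolute http(s) URLs in href/src, then encode for the attribute.
// Anything else (other schemes, relative or malformed URLs) becomes "#".
function esc_url(string $s): string
{
    $scheme = strtolower((string) parse_url($s, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? esc_html($s) : '#';
}

// Constructed sample submissions, taken from the strings in the post.
$samples = ["onreadystatechange='something'", '<img src="">'];

foreach ($samples as $raw) {
    // Element content: the markup is displayed as text, not parsed.
    echo '<td>' . esc_html($raw) . "</td>\n";
    // Quoted attribute: the encoded quotes keep the value inside value="...".
    echo '<input value="' . esc_html($raw) . "\">\n";
    // Script context: the value arrives as a plain JavaScript string.
    echo '<script>var note = ' . esc_js($raw) . ";</script>\n";
}

// URL context: a non-http(s) scheme is replaced rather than rendered.
echo '<a href="' . esc_url('javascript:void(0)') . "\">link</a>\n";
echo '<a href="' . esc_url('https://example.com/?a=1&b=2') . "\">link</a>\n";
```

Attribute values must always be written inside quotes for `esc_html` to be sufficient; an unquoted attribute can be ended by a space, which this encoding does not change.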