Security Check

In Progress

I'm running two PHP applications on a web server.

I have two questions.

1. I replaced "on" with o&#110 using str_replace to prevent XSS attacks, so if someone tries "onreadystatechange='something'", it appears as "o&#110readystatechange='something'" on the admin's page.

Is there any way to put "'onreadystatechange='something'"?

For example, I tried "o\nreadystatechange=''" and "o nreadystatechange"; my application output them as they are, but the JavaScript didn't work.

2. I replaced "<>" with &lt,&gt, so if someone tries to put <img src="">, it shows &ltimg src=""&gt on my admin's page.

Is there any way to put on my admin's page?

I can't show you my website; it's groupware and the company's only.

I'm asking these because I've got to know so I can protect my application.

Thank you for reading,

and if my budget's too small then let me know.

Skills: Javascript, Web Security


Project ID: #4164153

Awarded to:


I am a well-known security expert and I can do your job in a few hours. See PM.

$30 USD in 1 day
(1 Review)

5 freelancers are bidding on average $32 for this job


I can provide you with the best web application security advice you can get.

$30 USD in 1 day
(6 Reviews)

That is not the way to do it. You should use PHP functions to escape special characters. I can give you a few pointers.

$30 USD in 1 day
(2 Reviews)
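
The approach the bid above points to, escaping special characters with PHP's own functions at output time, shown beside the replacement filter described in the posting. This is an added example, not code from the posting or from any bidder; the function names, the form field and the sample comment are assumptions.

```php
<?php
// Added example; blacklist_filter() and h() are hypothetical names.

// The replacement filter as the posting describes it (reconstructed):
// "on", "<" and ">" are rewritten, with the entities written without ";".
function blacklist_filter(string $input): string
{
    return str_replace(['on', '<', '>'], ['o&#110', '&lt', '&gt'], $input);
}

// Output encoding with PHP's built-in function. ENT_QUOTES encodes both
// quote characters along with &, < and >, so the result is safe as HTML
// text and inside a quoted attribute value. ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: an ordinary comment a groupware user might post.
$comment = 'Confirmation for "Q3 <draft>" sent on Monday & filed';

// The filter rewrites every "on" inside normal words, so stored text is
// altered, and it is not a complete HTML encoding of the value.
echo "filtered: ", blacklist_filter($comment), PHP_EOL;

// Store the comment unchanged and encode it only where it is written
// into the page, once per output.
echo "encoded:  ", h($comment), PHP_EOL;

// Same helper for a quoted attribute value on the admin page.
printf('<input type="text" name="subject" value="%s">' . PHP_EOL, h($comment));
```

The helper covers HTML text and quoted attribute values only; data written into a script block, a URL or CSS needs the encoding for that context.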

I teach secure web development classes and would be happy to help you. More info in the PM.

$30 USD in 1 day
(0 Reviews)

Send me some code and I will take a look at it.

$40 USD in 0 days
(0 Reviews)