Is XSS possible when using htmlspecialchars and https prefix check in href?
There is a standard XSS exploitation technique where one can use the javascript keyword in <a href=""> to execute JavaScript code. Example:
<a href="javascript:alert(42);">please clickme</a>
Let us consider PHP code wh…
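A defensive take on the check named in the title, as an added example that is not code from the original question: `safe_href()` is a hypothetical helper that allowlists the parsed URL scheme and then escapes the value for the attribute context. The sample URLs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Return an attribute-safe href value for an absolute https URL, or null.
 * safe_href() is a hypothetical helper name, not from the original question.
 */
function safe_href(string $url): ?string
{
    // Reject whitespace and control characters instead of trying to
    // normalise them the way a browser's URL parser would.
    if (preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return null;
    }

    // Decide on the parsed scheme and host, not on a string prefix.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }

    // Escape for a quoted attribute value: & < > " and ' are encoded.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'https://example.com/?q="x"&r=2', // accepted; quotes and & get escaped
    'javascript:alert(42);',          // rejected: scheme is not https
    '//example.com/path',             // rejected: no explicit scheme
    'http://example.com/',            // rejected: not https
];

foreach ($samples as $s) {
    $href = safe_href($s);
    if ($href === null) {
        echo 'rejected: ', json_encode($s), "\n";
    } else {
        echo '<a href="', $href, '">link</a>', "\n";
    }
}
```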