Told you I don’t update often…
Anyway, I did a small update to that validation project. Apparently, it allowed for xss attacks. Good thing there’s nothing valuable to get from my site (I think). So, for example, if I was to enter the following in the sitemap text box
blah.xml "/><script type="text/javascript">alert("hi");</script><input type="hidden
an alert would come up that says “hi”. I think I solved the problem by using htmlspecialchars. And just to be safe, I used the same solution for displaying the urls in the table. You can try it here. Unfortunately, I don’t have a lot of experience in xss. Is there anything I’m missing or should be more aware of?