For XSS protection in PHP I am using
htmlspecialchars($text,ENT_QUOTES,"UTF-8");
I read about how grave accents can be used as quotes. I am wondering: is htmlspecialchars enough, or should I also run a string replace for grave accents?
Grave accents have no special meaning within HTML, so they are not an XSS attack vector there (unless you embed them in a context where they do have special meaning, but I can't think of any such contexts supported by HTML).
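As an added example, not code from the question or the answer: a small PHP helper around the exact call in the question, showing which characters ENT_QUOTES encodes, that the grave accent passes through untouched, and the ENT_SUBSTITUTE caveat for invalid UTF-8 input. The function names e() and renderGreeting() and the sample strings are assumptions made for the example.

```php
<?php
// Added example (not from the question or answer): an output-encoding helper
// around htmlspecialchars() plus a self-check of what it does to the characters
// that matter in HTML text and quoted-attribute contexts.

// Encode a string for insertion into HTML text or a quoted attribute value.
// ENT_QUOTES encodes both " and ' ; ENT_SUBSTITUTE makes invalid UTF-8 come
// back as U+FFFD instead of turning the whole result into an empty string.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a value into the two contexts the question is about. The attribute
// value is always wrapped in double quotes, so the encoded value cannot close
// the attribute no matter which characters (grave accents included) it holds.
function renderGreeting(string $name): string
{
    return '<p title="' . e($name) . '">Hello, ' . e($name) . '</p>';
}

// Verify the encoding behaviour on constructed input. Returns true when every
// expectation holds; throws otherwise so a misconfiguration is not silent.
function selfCheck(): bool
{
    // Every character htmlspecialchars() treats specially, plus a grave accent.
    $sample = 'a"b\'c`d<e>&f';
    $expected = 'a&quot;b&#039;c`d&lt;e&gt;&amp;f';   // the ` is left as-is
    if (e($sample) !== $expected) {
        throw new RuntimeException('unexpected encoding of sample');
    }
    // A lone 0xFF byte is invalid UTF-8: substituted with ENT_SUBSTITUTE,
    // but the plain ENT_QUOTES call from the question returns '' instead.
    if (e("x\xFFy") !== "x\u{FFFD}y") {
        throw new RuntimeException('ENT_SUBSTITUTE did not replace bad byte');
    }
    if (htmlspecialchars("x\xFFy", ENT_QUOTES, 'UTF-8') !== '') {
        throw new RuntimeException('expected empty string for invalid UTF-8');
    }
    return true;
}

selfCheck();
echo renderGreeting('a"b\'c`d<e>&f'), PHP_EOL;
```

Because the grave accent is not encoded, the practical safeguard is to always quote attribute values, as renderGreeting() does, rather than to add a string replace for the backtick.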