SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #1939

Back to the previous page... Back to the previous page

Test Case IDCandidate1939
Bad / Good / MixedBadBad test case
Author
Associations
Test suite: 31  
Added byRomain Gaucher
LanguagePHP
Type of test caseSource Code
Input stringq=<script>alert(/XSS/)</script>
Expected Outputq=&lt;script&gt;alert(/XSS/)&lt;/script&gt;
Instructions
Submission date2007-03-08
DescriptionThe test case shows a basic Cross-Site Scripting in PHP. The associate level of defense is 2. Here we show how to use the replacements of the characters <,>,\',\" etc.
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 17, 18