I am using Netsparker Community Edition to check my app for any general security holes. I'm getting a lot of the following probable XSS issue areas:
my_php_file.php?nsextt=" stYle=x:expre/**/ssion(alert(9)) ns="
Code in my_php_file.php is not accepting any
So how am I supposed to fix this sort of XSS problem if I'm not even using those
Also, in pages where I do use $_GET params, I get this:
my_php_file2.php?id=" stYle=x:expre/**/ssion(alert(9)) ns="
I do filter all incoming params (for example, id from the last snippet):
And after all that, I even run the result of the previous step through preg to allow only digits in that id param.
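
An added example, not the poster's code: the scanner's probe from the URLs above is run through digits-only validation for `id` and through output encoding for a value echoed inside a double-quoted attribute. It assumes some request-derived string (the hypothetical `$requestValue`) reaches the HTML, which the post does not show; all function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not from the original post.

// The scanner's probe as it appears in the reported URLs (constructed input).
const PROBE = '" stYle=x:expre/**/ssion(alert(9)) ns="';

// Input validation: return the id as an int only if it is 1-9 digits.
function valid_id(?string $raw): ?int
{
    if ($raw === null || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null; // reject instead of trying to repair the value
    }
    return (int) $raw;
}

// Output encoding for HTML text and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when a raw double quote from the probe survives into the markup,
// i.e. the value can close the attribute and start a new one.
function breaks_out(string $html): bool
{
    return strpos($html, '" stYle=') !== false;
}

// Assumption: a request-derived string is echoed into a double-quoted attribute.
$requestValue = 'my_php_file2.php?id=' . PROBE;

$unencoded = '<form action="' . $requestValue . '">';
$encoded   = '<form action="' . h($requestValue) . '">';

foreach (['42', PROBE, null] as $raw) {
    printf("id %s => %s\n", var_export($raw, true), var_export(valid_id($raw), true));
}
printf("unencoded breaks out: %s\n", var_export(breaks_out($unencoded), true));
printf("encoded breaks out:   %s\n", var_export(breaks_out($encoded), true));
echo $encoded, "\n";
```

Validation decides whether the `id` is usable at all; encoding at the point of output is what keeps any echoed request data inside the attribute it was written into.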