Category:OWASP PHP AntiXSS Library Project

Introduction
AntiXSS is a class for use with PHP 5+ that helps to reduce XSS (cross-site scripting) vulnerabilities by automatically encoding output to behave only as intended.

Requirements

 * PHP5 and above
 * mb_string PHP extension

Installation
- Make sure the mb_string extension is available with your PHP installation. If you are using Apache on Windows, this can most likely be done by adding (or un-commenting) a line in your php.ini file. On other platforms, you may need to recompile PHP. See http://us2.php.net/mb_string for more information.

- To make the code available to your program, include the owasp.antixss.php file, using a line like this: require_once "/path/to/owasp.antixss.php";

- It is not necessary to instantiate the class, though you may if you wish. Instead, make calls using the Scope Resolution Operator (::), like this: echo AntiXSS::HTMLEncode($myOutput);

HTML
Hello,  !

JavaScript
... alert(myFunction(''); ...

URL
... http://example.com/myscript.php? ...

XML
">
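
The four output contexts above each need their own encoding. The following is an added example, not code from the AntiXSS project: it uses PHP's built-in functions rather than the AntiXSS class, since only HTMLEncode is named on this page. It assumes PHP 7 or later; the helper names (encodeForHtml, encodeForJs, encodeForXml) and the sample input are constructed for illustration.

```php
<?php
// Added example: context-specific output encoding with PHP built-ins.
// Not the AntiXSS class; helper names are hypothetical.

// HTML element content or quoted attribute value.
function encodeForHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string inside a <script> block. json_encode() emits the
// surrounding quotes itself; the HEX flags escape <, >, &, ' and " as
// \uXXXX so the value cannot close the script element or the string.
function encodeForJs(string $s): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $out = json_encode($s, $flags);
    if ($out === false) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    return $out;
}

// XML attribute or text node. ENT_DISALLOWED replaces code points that
// are not legal in XML 1.0 (for example most control characters).
function encodeForXml(string $s): string {
    $flags = ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE | ENT_DISALLOWED;
    return htmlspecialchars($s, $flags, 'UTF-8');
}

// Constructed sample input mixing quotes, markup and an ampersand.
$input = "O'Reilly <script>alert(1)</script> & \"friends\"";

// HTML context.
echo '<p>Hello, ' . encodeForHtml($input) . "!</p>\n";

// JavaScript context: no extra quotes around the encoded value.
echo '<script>var who = ' . encodeForJs($input) . ";</script>\n";

// URL context: encode the parameter value first, then encode the whole
// URL for the HTML attribute it is written into.
$url = 'http://example.com/myscript.php?q=' . rawurlencode($input);
echo '<a href="' . encodeForHtml($url) . "\">link</a>\n";

// XML context.
echo '<item name="' . encodeForXml($input) . "\"/>\n";
```

Using the HTML encoder in the JavaScript or URL position leaves characters that are significant in those contexts unescaped, which is why each context gets its own function.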

Downloads

 * owasp.antixss.php
 * demo.owasp.antixss.php