Question

A developer is reviewing the following transaction logs from a web application:

Username: John Doe -
Street name: Main St.
Street number: script alert('test')

Which of the following code snippets should the developer implement given the above transaction logs?

A. if ($input != strcmp($var1, ג€<>ג€)) {die();}
B.
C. $input=strip_tags(trim($_POST['var1']));
D. Hide Solution

Answer 1

The developer should use the strip_tags(trim($_POST['var1'])) function to sanitize user input and prevent XSS attacks, by cleansing the input of any HTML or script tags.

Step-by-step explanation:

The question involves a web application security issue, specifically how to mitigate the risk of cross-site scripting (XSS) attacks as indicated by the transaction logs from a user input. In this case, the user's input for a street number contains a script tag, which is a common vector for XSS attacks. To sanitize user input, the developer should implement code that will strip out any potential HTML or script tags and make sure only clean data is processed by the web application.

The correct code snippet to prevent this type of attack would be:

Option C:

$input=strip_tags(trim($_POST['var1']));

This function first trims whitespace from the beginning and end of the input using the trim function and then strips out any HTML and PHP tags using the strip_tags function which prevents the execution of any malicious scripts.