I’m new to HTML, and I’m trying to prevent an XSS attack in an HTML output tag like
.
For example, here is some simple HTML code to test XSS hacking:
```php
<!DOCTYPE html>
<html>
<head>
  <link rel="icon" type="image/x-icon" href="icon.png">
</head>
<body>
<style>
  #edit {
    position: absolute;
    left: 50%;
    top: 90%;
    transform: translate(-50%, -50%);
    width: 250px;
    height: 50px;
    background-color: #34495E;
    font-size: 18px;
    color: white;
  }
  #texta {
    height: 90%;
    width: 100%;
  }
</style>
<?php
// Read the saved text; an empty file gives null.
$myfile = fopen("text", "r+") or die("Unable to open file!");
if (filesize("text") == 0) {
    $con = null;
} else {
    $con = fread($myfile, filesize("text"));
}
fclose($myfile);
?>
<p><?php echo $con; /* stored text is output unescaped */ ?></p>
<form action="save.php" method="post">
  <textarea id="texta" name="txt" rows="30" cols="150"><?php echo $con; /* unescaped here too */ ?></textarea>
  <input type="submit" id="edit" value="Save">
</form>
</body>
</html>
```
And here is save.php, which saves the text in the textarea:
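```php
<?php
// Store the submitted text exactly as received.
$text = $_POST["txt"];
$file = fopen("text", "w+");
fwrite($file, $text);
fclose($file);
// Send the browser back to the page that displays the text.
header("Location: index.php");
die();
?>
```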
I hacked it with XSS so easily. What should I add to the code to prevent an XSS hack?
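
One way to close the hole described in the question, as an added example that is not part of the original post: escape the stored text with `htmlspecialchars()` at each point where it is written into the page. The helper names `e()`, `load_text()` and `render_page()`, the temporary file, and the sample strings are assumptions made for this illustration.

```php
<?php
// Added example (not the poster's code): index.php output with escaping.
declare(strict_types=1);

/** Escape a string for HTML element content and quoted attribute values. */
function e(string $s): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 bytes instead of making the whole result an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read the stored text; a missing or empty file yields an empty string. */
function load_text(string $path): string
{
    $data = is_readable($path) ? file_get_contents($path) : false;
    return $data === false ? '' : $data;
}

/** Build the page body, escaping the text in both places it is output. */
function render_page(string $con): string
{
    $safe = e($con);
    return "<p>{$safe}</p>\n"
         . "<form action=\"save.php\" method=\"post\">\n"
         . "<textarea id=\"texta\" name=\"txt\" rows=\"30\" cols=\"150\">{$safe}</textarea>\n"
         . "<input type=\"submit\" id=\"edit\" value=\"Save\">\n"
         . "</form>\n";
}

// Constructed sample inputs standing in for what save.php wrote to "text".
$samples = [
    'plain note',
    '<script>alert(1)</script>',
    '</textarea><script>alert(1)</script>',
    'Tom & "Jerry" <3',
];

$path = tempnam(sys_get_temp_dir(), 'xss'); // hypothetical stand-in for "text"
foreach ($samples as $s) {
    file_put_contents($path, $s);
    $html = render_page(load_text($path));
    // No tag from the stored text may survive, and the textarea closes once.
    if (strpos($html, '<script>') !== false || substr_count($html, '</textarea>') !== 1) {
        throw new RuntimeException('stored text reached the page unescaped');
    }
    echo $html, "\n";
}
unlink($path);
```

Because the escaping happens at output time, save.php can keep storing the raw text, and the textarea still shows the user exactly what they typed.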