I’m running two PHP applications on a web server. I have two questions. 1. I replaced “on” with on using str_replace to prevent XSS attacks, so if someone tries “onreadystatechange=’something’”, it appears like “onreadystatechange=’something’” on the admin’s page… (Budget: $30-$250 USD, Jobs: Javascript, Web Security)