    <h1> <? echo $y->title; ?> </h1>
You forgot htmlspecialchars and now you have XSS. Which is why Facebook built XHP originally:

https://www.facebook.com/notes/facebook-engineering/xhp-a-ne...
Could've sanitized the input before saving it to the database :p
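An added example, not code from either commenter, showing the output-escaping fix the first comment refers to for the `$y->title` snippet above, in both the HTML text context and an attribute context. `$y`, the sample title and the `render_*` helper names are constructed here.

```php
<?php
// Added example, not from the thread: the escaping fix the first comment
// refers to. $y->title comes from the thread; the sample title and the
// render_* helpers are constructed for illustration.

declare(strict_types=1);

// Constructed record standing in for the thread's $y.
$y = new stdClass();
$y->title = 'Hello "world" <script>alert(1)</script>';

// Vulnerable form of the thread's snippet: the stored title is emitted
// verbatim, so any markup in it is rendered (and any script in it runs).
function render_title_unescaped(object $y): string
{
    return "<h1> " . $y->title . " </h1>";
}

// Hardened form: escape at the point of output for the HTML text context.
// ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE avoids returning ''
// on invalid UTF-8; the explicit charset avoids relying on default_charset.
function render_title_escaped(object $y): string
{
    $safe = htmlspecialchars($y->title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h1> " . $safe . " </h1>";
}

// The same value inside a quoted attribute needs ENT_QUOTES as well; without
// it a double quote in the title would close the attribute value early.
function render_title_attr(object $y): string
{
    $safe = htmlspecialchars($y->title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="/post" title="' . $safe . '">link</a>';
}

echo render_title_unescaped($y), PHP_EOL;
echo render_title_escaped($y), PHP_EOL;
echo render_title_attr($y), PHP_EOL;
```

Escaping belongs at output because the required encoding depends on where the value lands (text node, attribute, URL, script), which is not known when the value is stored.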