Hey,
Having a nightmare at the moment with trying to iron out security bugs in a shopping basket to make it pass a security scan.
One of the errors that comes back is the possible chance of Cross Site Scripting (XSS).
Basically, when the "buy" button is clicked, the browser's URL has "%2F" inserted into it, and this is causing the problem.
After doing some research into it, it seems I need to add a function that removes that part?
The URL that displays when I click the button is as follows:
http://mysite/basket.php?src=%2Fpage-title.php&productID=1061011
Hope this makes sense! 
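Added example, not code from the original post or site: `%2F` is the URL-encoded form of `/`, so a scanner's XSS finding on a URL like the one above normally concerns how the `src` and `productID` values are validated and written back into the page, not the encoding itself. The PHP below validates both parameters and escapes `src` on output. It assumes basket.php echoes `src` into a "continue shopping" link; the function names and sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the original site.

// Accept only a same-site path such as "/page-title.php".
// PHP has already decoded %2F to "/" by the time the value is in $_GET.
function safe_return_path($raw, string $fallback = '/'): string
{
    if (!is_string($raw)) {                 // rejects array input (src[]=...)
        return $fallback;
    }
    // One leading slash (not "//"), then only letters, digits, "_", "-", ".", "/".
    // Quotes, angle brackets, colons and whitespace can never match.
    if (!preg_match('#^/(?!/)[A-Za-z0-9_\-./]{1,200}\z#', $raw)) {
        return $fallback;
    }
    if (strpos($raw, '..') !== false) {     // no directory traversal segments
        return $fallback;
    }
    return $raw;
}

// Accept only an all-digit product id; anything else becomes null.
function product_id($raw): ?int
{
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
}

// Escape at the point of output even though the value was validated.
function back_link(string $path): string
{
    $href = htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Continue shopping</a>';
}

// Constructed sample inputs, as they would appear in $_GET after decoding.
$samples = [
    ['src' => '/page-title.php',      'productID' => '1061011'],
    ['src' => '/a"><b>x</b>',         'productID' => '1061011'],  // markup in src
    ['src' => '//other.example/page', 'productID' => '10abc'],    // off-site target
];

foreach ($samples as $get) {
    $path = safe_return_path($get['src'] ?? null);
    $id   = product_id($get['productID'] ?? null);
    echo back_link($path), ' id=', var_export($id, true), PHP_EOL;
}
```

In basket.php the same two functions would be called on `$_GET['src']` and `$_GET['productID']` before either value is used or printed.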