Prevent XSS Vulnerability
| 开发者 | sasiddiqui |
|---|---|
| 更新时间 | 2021年7月14日 23:12 |
| PHP版本: | 3.5 及以上 |
| WordPress版本: | 5.7 |
| 版权: | GPLv3 |
| 版权网址: | 版权信息 |
详情介绍:
This plugin provides the functionality for
Reflected XSS and Self-XSS.
For Reflected XSS, it checks the URL and redirects it if you enabled the Enable Blocking option and URL contains any Vulnerable code in it. It only block some parameters which are not allowed in URL and shown Block Parameters section. You can skip some of the parameters from it if you still like them to be used.
To provide more security, Prevent XSS Vulnerability also escape the HTML in the $_GET parameter which is commonly used to get parameters in PHP from the URL and print them in the HTML. This way, HTML properties will not work if anyone provided it in the URL.
There are many ways by which the plugin can be tested but it may varies for different sites according to their structure and development functionality.
安装:
This process defines you the steps to follow either you are installing through WordPress or Manually from FTP.
From within WordPress
- Visit 'Plugins > Add New'
- Search for Prevent XSS Vulnerability
- Activate Prevent XSS Vulnerability from your Plugins page.
- Go to "after activation" below.
- Upload the
prevent-xss-vulnerabilityfolder to the/wp-content/plugins/directory - Activate Prevent XSS Vulnerability through the 'Plugins' menu in WordPress
- Go to "after activation" below.
- Navigate to the
Prevent XSS Vulnerabilitypage from the Admin Dashboard - Make the changes as per your site functionality
- You're done!
常见问题:
Q. Why should I install this plugin?
A. Installing this plugin is the easiest way to prevent your site from XSS Vulnerability.
Q. Does this plugin escape HTML in printing search?
A. Yes, this plugin escape HTML in $_GET variable which is mostly use to print the data from the URL to HTML. If your site is using $_GET then it is safe and the HTML will be escaped otherwise you need to check.
Q. Does this plugin has any conflict with any other plugin?
A. No, this plugin doesn't have any conflict with any plugin.
更新日志:
2.0.0 - Jul 14, 21
- Bug
- Unable to execute bulk actions of WooCommerce orders when this plugin is enabled
- Bulk actions dont work (ie bulk delete pages, images)
- Facing conflict issue while perform bulk delete option on post
- Enhancements
- Include other/extra parameters
- Fixed WPCS issues
- Enhancements
- Escape array values
- Set headers to prevent caching before redirect
- Applied PHP Standard and removed couple of discouraged methods
- For the changelog of earlier versions, please refer to the separate changelog.txt file.