xss - Escape <script> tag in PHP search function breaks CSS of website
Get the solution ↓↓↓I have the following input on my search.php:
<input type="text" id="inputboxSearch" name="q" value="<?php if(isset($_GET["q"])){echo htmlspecialchars($_GET["q"], ENT_QUOTES, 'UTF-8');} ?>"
and the following code on results.php page:
<input type="text" id="inputboxSearch" name="q" value="<?php if(isset($_GET["q"])){echo htmlspecialchars($_GET["q"], ENT_QUOTES, 'UTF-8');} ?>"
$query = isset($_GET['q']) ? filter_var($_GET["q"], FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
$query = strip_tags($query);
$query = trim($query);
<?php if ($query != '') {echo "You searched for '" . htmlspecialchars($query) . "' ";}?>
The script runs fine with every search term but the CSS of the website breaks if the search starts with the term < script (without space)
What is the proper and secure way to search for < script > ?
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: call to undefined function illuminate\encryption\openssl_cipher_iv_length()
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.