XSS in my Login Page

Hi
Can you help me secure my login page? I ran some security scans and I keep getting some XSS vulnerabilities on my login page.
any thoughts?
Thank you
XSS.JPG
1195 x 481 - 110K

Comments

  • If you pre-populate any form fields with values that came from user input, then you should sanitize them prior to printing out to the screen. For example, instead of this:

    <input name="username" value="<?php echo $username; ?>" />
    do this:
    <input name="username" value="<?php echo htmlspecialchars($username); ?>" />
  • That seems to have fixed it:
    <input name="username" value="<?php echo htmlspecialchars($username); ?>"/>
    just had to take out the space after the last ( " ) and ( /> )
    Thank you for your help.
This discussion has been closed.