Protecting Website from Cross Site Script Attack

Web pages are containing growing extents of dynamic display personalized for individual clients and this will lead to more vulnerability such as cross-site scripting attack and the potential stealing of confidential user data. XSS is take place when web application accepted malicious scripting code then web browser will execute the malicious script code that has been injected directly to the customer' s computer. In this paper a secure code PHP functions is proposed to avoid XSS attack using two approaches the first one white list of regular expression is used to validate the input data as trusted input and another black list of regular expression used to protect every input entry that has the potential to inject a malicious script in it so even if the attacker inject XSS script code in the input field this code wi ll not be executed it just will be removed. This work use vulnerable PHP web site to evaluate the effectiveness of the proposed system before and after applying it and the result clearly show the difference in the results and capability of system to prevent XSS attack.