I have the following php code
<?php
$Output = '<table><thead><tr>';
$Output .= '<th>Display</th></tr></thead><tbody>';
for ($k = 0; $k < count($ColumnsInSQL); $k++) {
$Output .= '<tr><td>'.$KS_ResultSet_level[$k][strtoupper(trim($ColumnsInSQL[$k]))].'</td></tr>';
}
$Output .= '</tbody></table>';
echo $Output;
?>
Recently I run the code in Veracode and I am getting issue with "echo $Output;".
Can anyone please help me to fix this?
Use htmlentities() to encode special characters in the variable data.
$Output .= '<tr><td>'.htmlentities($KS_ResultSet_level[$k][strtoupper(trim($ColumnsInSQL[$k]))]).'</td></tr>';
来源:https://stackoverflow.com/questions/45075881/how-to-fix-improper-neutralization-of-script-related-html-tags-in-a-web-page-b