I am curious is that any build in or easier way to encode string to xHH format in PHP? I am trying to implement rule 3 and rule 4 from XSS OWASP Prevention with build in function or easier approach. but, I can’t find any in the internet.
as far as I found, I need to make manual encoder/decoder for ‘string to xHH’ format in PHP.
expected code in php
print(StringToXHH("foo"));
// output --> x66x6fx6f
any idea?
Advertisement
Answer
Have a look at the answer in this SO question How do I pass variables and data from PHP to JavaScript?, specifically the section 3. Echo the data directly to JavaScript.
It isn’t exactly the answer to your question, but addresses the overall issue.
tldr: use json_encode().