knonnefappy
New Member
I have a form where users enter a web template and can preview it in their browser. This page is only viewable by them:

\[code\]
<?php
echo "<title>".htmlspecialchars($_POST['title'], ENT_QUOTES)."</title><br/>";
echo nl2br($_POST['body']);
?>
\[/code\]

I realized when testing this that it can access my local CSS/JS files. This made me wonder if this could lead to a security attack?

The site's cookies have the domain flag and the HttpOnly flag. If the client tried to XSS, they would only be exploiting themselves, right?

Is it safe for my web server to echo $_POST?
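A browser will send a POST to this page from a form on any site, so the preview cannot assume that the body it echoes was typed by the logged-in user. The handler below is an added example, not the poster's code: it only renders a preview when the request carries a per-session token and serves the result under a CSP sandbox so scripts in the template do not run with the site's origin. The session key `preview_token` and the form field `token` are assumed names.

```php
<?php
// Added example: hardened version of the preview page from the post.
// Assumption: the editing form embeds $_SESSION['preview_token'] in a
// hidden field named "token" (both names are hypothetical).
declare(strict_types=1);
session_start();

// Constant-time comparison; rejects missing, empty or non-string values.
function token_ok($expected, $supplied): bool
{
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Read a POST field as a string; array-valued or missing fields become ''.
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Same output as the original snippet: escaped title, raw template body.
function render_preview(string $title, string $body): string
{
    return '<title>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8')
         . "</title><br/>\n" . nl2br($body);
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
if (!$isPost || !token_ok($_SESSION['preview_token'] ?? null, $_POST['token'] ?? null)) {
    // The request did not come from the user's own editing form.
    http_response_code(403);
    exit('Invalid preview request');
}

// "sandbox" with no allow-* keywords gives the preview a unique origin and
// disables script execution and form submission, so markup in the template
// cannot act as the user on the rest of the site.
header("Content-Security-Policy: sandbox; script-src 'none'; object-src 'none'; base-uri 'none'");
header('X-Content-Type-Options: nosniff');
header('Content-Type: text/html; charset=UTF-8');

echo render_preview(post_string('title'), post_string('body'));
```

The HttpOnly flag keeps script from reading the session cookie, but it does not stop script running on the page from sending authenticated requests, which is why the token check and the sandbox are both applied.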