CompTIA CASP+ Exam: Web Application Transaction Logs - Code Snippet Implementation

Code Snippet Implementation for Web Application Transaction Logs

Question

A developer is reviewing the following transaction logs from a web application:

Username: John Doe - Street name: Main St. - Street number: <script>alert('test')</alert>

Which of the following code snippets should the developer implement given the above transaction logs?

Answer

C.

Explanation

The transaction logs show that someone submitted a script tag in the street-number field. This is a classic probe for cross-site scripting (XSS): if the application stores the value and later writes it into an HTML page without encoding, the script executes in the browser of whoever views that page. The log does not prove the attack succeeded, but it shows the field accepts arbitrary markup, which is the condition the developer must fix.

To address this, the developer should validate and sanitize the input on the server and, as defence in depth, encode the value for its output context when it is rendered.

Option A: if ($input != strcmp($var1, <>)) {die();}

This option appears to compare $input against the result of strcmp(), but it is not valid PHP: <> is the not-equal operator, not a value, so the statement does not even parse. Even with that repaired, a string comparison that aborts on mismatch does not remove or neutralize script content, so it provides no protection against XSS and is not a recommended approach to input validation or sanitization.

Option B: <form name=form1 action=/submit.php onsubmit=return validate() action=POST>

This option suggests a form whose onsubmit handler calls a client-side JavaScript function named "validate()" before the browser submits to /submit.php (the second action=POST attribute is presumably meant to be method=POST). The code for validate() is not provided, so it is unclear whether it checks for script content at all. More importantly, client-side validation is not a security control: an attacker can submit the POST request directly with curl or a proxy and bypass the handler entirely, so the server must still validate and sanitize the field.

Option C: $input=strip_tags(trim($_POST['var1']));

This option uses trim() to remove leading and trailing whitespace from the submitted field and strip_tags() to remove HTML and PHP tags from it, on the server, where the check cannot be bypassed. Applied to the logged value it removes the <script> and </alert> tags, leaving only the text alert('test'), so the tag-based payload in the log is neutralized. Note the limits: strip_tags() does not encode quotes or other characters, so a value reflected inside an HTML attribute or a JavaScript string can still break out of its context. In practice it should be paired with output encoding such as htmlspecialchars() with ENT_QUOTES at render time.

Option D: <html><form name=myform action=www.server.com/php/submit.php action=GET.

This option provides no input validation or sanitization at all. It is simply a form that submits user input to a server (the duplicated action attribute is presumably meant to be method=GET), and sending form data via GET additionally places the values in the URL, where they end up in browser history and server logs.

Therefore, Option C is the most appropriate of the four choices: it is the only one that performs server-side sanitization of the field that the logs show being attacked.
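The following PHP is an added example, not code from the exam page, showing Option C applied to the logged value alongside the output encoding a developer would add at render time. The field name var1 comes from Option C; the function names, the benign sample and the attribute-context probe are assumptions constructed here for illustration.

```php
<?php
// Added example (not part of the exam page).
// Assumption: the street number arrives as $_POST['var1'] (the name used in
// Option C) and is later rendered into an HTML <input value="..."> attribute.

/**
 * Option C as written: drop HTML/PHP tags, then strip surrounding whitespace.
 * Runs on the server, so it cannot be skipped by bypassing the browser.
 */
function sanitize_street_number(string $raw): string
{
    return strip_tags(trim($raw));
}

/**
 * Output encoding for the HTML context the value lands in.
 * ENT_QUOTES encodes both ' and " so the value is safe inside attribute
 * values as well as element text; strip_tags() alone leaves quotes untouched.
 */
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Vulnerable rendering: the value is concatenated into an attribute raw. */
function render_input_unencoded(string $value): string
{
    return '<input name="street_number" value="' . $value . '">';
}

/** Hardened rendering: the value is encoded for the attribute context. */
function render_input_encoded(string $value): string
{
    return '<input name="street_number" value="' . encode_for_html($value) . '">';
}

// Constructed sample inputs: a benign value, the exact payload from the
// transaction log, and an attribute-breakout probe that contains no tags.
$samples = [
    'benign'    => '  42  ',
    'log_entry' => "<script>alert('test')</alert>",
    'attribute' => '" onmouseover="alert(1)',
];

foreach ($samples as $label => $raw) {
    $clean = sanitize_street_number($raw);

    echo "[$label]\n";
    echo "  after strip_tags+trim : " . var_export($clean, true) . "\n";
    // strip_tags removes the <script> tag from the logged payload, but the
    // attribute probe has no tags, so it passes through unchanged and would
    // still break out of the value="..." attribute if rendered raw.
    echo "  rendered unencoded    : " . render_input_unencoded($clean) . "\n";
    echo "  rendered encoded      : " . render_input_encoded($clean) . "\n";
}
```

Running this shows why the explanation above treats strip_tags() as necessary but not sufficient: the logged <script> payload is reduced to plain text by Option C, while the quote-based probe survives sanitization and is only neutralized by encoding the value when it is written into the page.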