XSS Protection

From Easy PHP Calendar Instructions

By default, the calendar attempts to remove any potentially dangerous text or code from events. Such code could be used to perform cross-site scripting (XSS) or SQL injection attacks.

If events need to contain text or code (such as JavaScript) that is potentially unsafe and is currently being stripped by the XSS protection function, XSS protection can be disabled so that anything can be posted.

Do not do this unless you trust everyone who adds events using the Event Manager!

To disable XSS protection for the Event Manager, modify the events/headerCustom.inc.php file (remove .new if the file has not been previously renamed), and add the code below in the PHP code area:

$disableXSSProtection=1;