Is it safe to run echo on a formatted datetime in PHP in terms of XSS attacks?

Short: Yes. If your value weren’t a date, it would just cause an error:

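<?php
// Constructing a DateTime from a non-date string throws before anything is echoed.
$d = new DateTime(" <script> malicious </script>");
// Never reached for the input above.
echo $d->format("y");
/* Will cause something like:
Fatal error: Uncaught Exception: DateTime::__construct(): Failed to parse time string ( <script> malicious </script>) */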
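
Added example, not part of the original answer: the error message shown above contains the raw input, so this sketch catches the exception instead of letting it be displayed, and escapes the formatted value in case the format string is ever not a constant. The helper names h() and renderDate() and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape any value before it is written into HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: parse an untrusted string and return markup that is
// safe to echo, whether parsing succeeds or fails.
function renderDate(string $untrusted, string $format = 'Y-m-d'): string
{
    try {
        $d = new DateTimeImmutable($untrusted);
    } catch (Exception $e) {
        // The exception message embeds the raw input, so it is logged
        // server-side and never echoed into the page.
        error_log('Rejected date input: ' . $e->getMessage());
        return '<span class="error">Invalid date</span>';
    }
    // format() copies characters it does not recognise verbatim, so the
    // result is escaped as well in case $format is ever not a constant.
    return '<time>' . h($d->format($format)) . '</time>';
}

// Constructed sample inputs.
echo renderDate('2024-02-29'), "\n";
echo renderDate(' <script> malicious </script>'), "\n";
// A format string that carries markup passes through format() untouched,
// which is why the output above is escaped:
echo renderDate('2024-02-29', '<\b>Y</\b>'), "\n";
```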
