How can escaping be improved in the '<img src="$1" class="wide" />' code snippet?

The issue with the '<img src="$1" class="wide" />' code snippet is that the variable $1 is not properly escaped, leaving it vulnerable to potential injection attacks. To improve escaping, we can use the htmlspecialchars() function to encode special characters in the $1 variable before outputting it in the HTML code.

&lt;?php
$src = htmlspecialchars($1);
echo &#039;&lt;img src=&quot;&#039; . $src . &#039;&quot; class=&quot;wide&quot; /&gt;&#039;;
?&gt;

Keywords

escaping HTML PHP security XSS

How can escaping be improved in the '<img src="$1" class="wide" />' code snippet?

Keywords

Related Questions