From 0535d73fc94d357492b16d9a473bb40d2aea12ba Mon Sep 17 00:00:00 2001
From: ZeroPath <noreply@zeropath.com>
Date: Mon, 7 Apr 2025 03:01:11 +0000
Subject: [PATCH 1/2] fix: enhance XSS protection with ENT_SUBSTITUTE flag and
 sanitization

---
 test/index.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/index.php b/test/index.php
index 824e08c..caf4481 100644
--- a/test/index.php
+++ b/test/index.php
@@ -6,8 +6,9 @@
     die('Invalid input');
 }
 
-// Convert to string and sanitize
+// Convert to string and apply strict XSS protection
 $input = (string)$_GET['test'];
-echo htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8', true);
+$sanitized = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8', true);
+echo $sanitized;
 
 ?>

From 9f9f13f811be6b52ee1e9cf2daebf910f61a7a2b Mon Sep 17 00:00:00 2001
From: ZeroPath <noreply@zeropath.com>
Date: Mon, 7 Apr 2025 03:02:28 +0000
Subject: [PATCH 2/2] refactor: simplify XSS protection while maintaining
 security

---
 test/index.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/test/index.php b/test/index.php
index caf4481..0a56b64 100644
--- a/test/index.php
+++ b/test/index.php
@@ -8,7 +8,6 @@
 
 // Convert to string and apply strict XSS protection
 $input = (string)$_GET['test'];
-$sanitized = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8', true);
-echo $sanitized;
+echo htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8', true);
 
 ?>