I just tested a link below, will have XXS attack on IE11.
http://example.net/test/?"*alert(1)*"
I had find many of the way to sanitize the url parameter. Mostly all the solution is sanitize $_GET's value instead of $_GET's key like this url Sanitize $_GET parameters to avoid XSS and other attacks
But above's url i provide when i print_r my $_GET is Array ( ["*alert(1)*"] => )
So can i know how to avoid this kind of attack ? They attack using $_GET's key instead of value.
Thanks lot.