core error

Cross Site Scripting (XSS)

Posted on: 02/09/2011


Cross Site Scripting (XSS) is a type of security vulnerability in web applications in which an attacker inserts JavaScript code into the HTML/JavaScript of the attacked page.

For example:


With this setup and if the site is not well protected we could inject some code really easily:

Any website that lets users submit data that becomes part of the page itself (forums, blogs, forms, etc.) is a potential victim of XSS. To protect our sites from this technique, we should detect dangerous user input on the server side and escape or strip it when rendering our HTML/JavaScript code.
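The server-side escaping described above, as an added example that is not code from the original post: it renders a user comment once by plain concatenation and once with escaping matched to each output context (HTML text and attributes, and an inline script). The function names, the `lastComment` variable and the sample comment are constructed for illustration.

```javascript
// Added example: output escaping for the two contexts the post mentions (HTML and JavaScript).
// All names and sample values below are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Serialize a value for embedding inside an inline <script> block.
// JSON.stringify handles quotes and backslashes; the extra replacements keep the
// HTML parser from ever seeing "</script>" or "<!--" and neutralize U+2028/U+2029.
function escapeForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Unprotected: user input is concatenated straight into the page.
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// Protected: every user-controlled value is escaped for the context it lands in.
function renderCommentSafe(author, text) {
  return `<div class="comment" title="${escapeHtml(author)}"><b>${escapeHtml(author)}</b>: ` +
    `${escapeHtml(text)}</div>\n` +
    `<script>var lastComment = ${escapeForScript(text)};</script>`;
}

// Constructed sample input, as a user might submit it through a comment form.
const sampleAuthor = 'Tom & "Jerry"';
const sampleText = '<script>alert(1)</script>';

console.log(renderCommentUnsafe(sampleAuthor, sampleText)); // script tag reaches the page intact
console.log(renderCommentSafe(sampleAuthor, sampleText));   // input is rendered as inert text/data
```

HTML escaping alone is not enough for the inline script: the browser's HTML parser ends a script block at the first `</script>` it sees, which is why the script context uses JSON serialization with `<` and `>` rewritten as Unicode escapes.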
