core error

Cross Site Scripting (XSS)

Posted on: 02/09/2011

Cross Site Scripting is a type of security vulnerability in web applications in which an attacker inserts JavaScript code into the HTML/JavaScript code of the attacked page.

For example:

With this setup and if the site is not well protected we could inject some code really easily:

Any website that lets users send data which then becomes part of the page itself (forums, blogs, forms, etc.) is a potential victim of XSS. To protect our sites from this technique, we should detect any dangerous input coming from users on the server side and escape it or strip it when displaying our HTML/JavaScript code.
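The following is an added example, not code from the original post: a server-side sketch in Python that renders a user comment without escaping, then with escaping for the two output contexts mentioned above (HTML and inline JavaScript). The function names and the sample comment are assumptions made up for illustration.

```python
import html
import json

# Constructed sample input: a forum comment that contains markup, not plain text.
SAMPLE_COMMENT = '<script>alert(1)</script>'


def render_comment_unsafe(author, text):
    """'Before' version: user input is concatenated straight into the page."""
    return '<div class="comment"><b>' + author + '</b>: ' + text + '</div>'


def render_comment(author, text):
    """HTML context: escape & < > " ' so the browser displays the input as text."""
    return '<div class="comment"><b>{}</b>: {}</div>'.format(
        html.escape(author, quote=True), html.escape(text, quote=True))


def js_string_literal(value):
    """JavaScript context: build a string literal that is safe inside <script>.

    json.dumps handles quotes, backslashes and newlines (and, with the default
    ensure_ascii=True, all non-ASCII characters). HTML escaping would be wrong
    here because the browser does not decode entities inside a script block,
    so < > & are written as \\uXXXX escapes instead; this keeps a value such as
    "</script>" from closing the block early.
    """
    encoded = json.dumps(value)
    for char, escape in (('<', '\\u003c'), ('>', '\\u003e'), ('&', '\\u0026')):
        encoded = encoded.replace(char, escape)
    return encoded


def render_greeting_script(username):
    """Embed a user-supplied value in inline JavaScript."""
    return '<script>var userName = {};</script>'.format(
        js_string_literal(username))


if __name__ == '__main__':
    print(render_comment_unsafe('bob', SAMPLE_COMMENT))  # markup reaches the page
    print(render_comment('bob', SAMPLE_COMMENT))         # markup shown as text
    print(render_greeting_script('</script>'))           # block stays intact
```

The escaping function has to match the place where the value lands: `html.escape` for element content and quoted attributes, the JSON-based literal for script blocks.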

