
How to avoid XSS (Cross Site Scripting)?

 
Gurumurthy Ramamurthy
Ranch Hand
Posts: 273
Guys:

I know that XSS happens because of malicious data/script injected into a webpage before sending to the client, and it appears as if it came from the original site. It does a lot of damage to the user, like password theft, credit card sniffing, etc.

Can you tell me how to avoid this:

1. During development?
2. During run-time by the user/client?

Thanks,
Guru
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
If you want to try using XSS, cookie stealing and other web hacking things (and it really helps to understand how to prevent it), go to
http://www.hackthissite.org , register and go through the "realistics mission" challenges. They are fun and educational.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
Well, the only way that code can get injected into a page that affects other users is if you let it happen. You need to strip out script tags, and escape user input if it is being displayed for everyone to view.

Eric
 