• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to avoid XSS (Cross Site Scripting)?

 
Ranch Hand
Posts: 273
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Guys:

I know that XSS happens because of malicious data/script injected into a webpage before sending to the client and it appears as if it came from the original site. It does lot of damages to the user like password theft, credit card sniff etc.

Can you tell me how to avoid this:

1. During development?
2. During run-time by the user/client?

Thanks,
Guru
 
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want to try use XSS, cookie stealing and other web hacking things (and it really helps to understand how to prevent it), go to
http://www.hackthissite.org , register and go through "realistics mission" chalenges. there are fun, and educational
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well the only way that code can get injected into a page that affects other users is if you let it happen. You need to strip out script tags, and escape user input if it is being displayed for everyone to view.

Eric
 
Never trust an airline that limits their passengers to one carry on iguana. Put this tiny ad in your shoe:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic