
XSS proofing

 
Lou Karst
Greenhorn
Posts: 1
Hi Everyone, I'm new to web programming, and have only run my server side code from an IDE so far. I stumbled onto the topic of XSS and I just wanted to make sure I got the concept right. So the gist of it is that like a SQL injection, if I send form data with code inside of it I can change the behavior of a servlet and access information I am normally not allowed to see? It's caused by using variables in the out.println() argument instead of strings? Is this accurate? Thanks.
 
Tim Moores
Saloon Keeper
Posts: 3250
54
No, that's not quite what happens. Here's an introduction: http://www.cert.org/advisories/CA-2000-02.html
 