
XSS proofing

 
Lou Karst
Hi Everyone, I'm new to web programming, and have only run my server side code from an IDE so far. I stumbled onto the topic of XSS and I just wanted to make sure I got the concept right. So the gist of it is that, like a SQL injection, if I send form data with code inside of it I can change the behavior of a servlet and access information I am normally not allowed to see? It's caused by using variables in the out.println() argument instead of strings? Is this accurate? Thanks.
 
Tim Moores
No, that's not quite what happens. Here's an introduction: http://www.cert.org/advisories/CA-2000-02.html
 