Link Worth

Defense against XSS attacks

Written by OpenMindLeader on 8:08 PM

The best defense against XSS attacks is good filtering of input.

If you allow users to send messages to each other, for example, you really must filter all input from the sender to make sure it's secure.

In some cases this might be obvious, but consider the case where you allow a user to input a website URL on their profile pages:

Some sites will allow you to enter a URL, then they will display it as a clickable link such as:

URI

If you don't filter spaces and quote marks from the input, a user can abuse this by giving http://foocome" onMouseOver="alert(hello) as input. The quote closes the href attribute and the rest of the input becomes a new event-handler attribute. This leads to the malicious

http://foocome" onMouseOver="alert(document.cookie)
