Cross-Site Scripting - Wikiped
Background
Microsoft security-engineers introduced the term "cross-site scripting" in January 2000.[4] The expression "cross-site scripting" originally referred to the act of loading the attacked, third-party web application from an unrelated attack-site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain (taking advantage of a reflected or non-persistent XSS vulnerability). The definition gradually expanded to encompass other modes of code injection, including persistent and non-JavaScript vectors (including ActiveX, Java, VBScript, Flash, or even HTML scripts), causing some confusion to newcomers to the field of information security.[5]
Types
Non-persistent (reflected)
Contextual output encoding/escaping of string input
Http-only cookie
Disabling scripts
See also
References
Further reading
MacKenzie, Thomas. "ScriptAlert1.com – Concise Cross-Site Scripting Explanation in Multiple Languages" (http://www.scriptalert1.com). Retrieved October 24, 2015.
"Preventing XSS in ASP.NET Made Easy" (http://lockmedown.com/preventing-xss-in-asp-net-made-easy/). Lock Me Down | Security for the Everyday Developer. February 6, 2015. Retrieved October 24, 2015.
"Cross Site Scripting" (http://projects.webappsec.org/Cross-Site-Scripting). The Web Application Security Consortium. October 13, 2005. Retrieved October 24, 2015.
External links
Retrieved from "https://en.wikipedia.org/w/index.php?title=Cross-site_scripting&oldid=1193062348"