for the majority of the web program ape. In web design, we have a cascading style sheet called CSS. So in order to avoid confusion, we put the cross-site scripting called XSS.
2. cross site scripting
almost all of the web site to see a search box. With this search box, you can search and find the information stored in the web site. This >
What is the
cross site scripting (XSS) is one of the loopholes in the current web application in the most dangerous and most common. Security researchers in the most popular websites, including Facebook, Amazon, noble baby, PayPal have found this loophole. If you pay close attention to the bug bounty program that will find the most frequently reported problem belongs to XSS. In order to avoid cross site scripting, the browser also has its own filters, but security researchers can always try to bypass these filters.
now, let’s go back to the XSS attack. This vulnerability input data receiving user in web applications without the necessary encoding. If there is no correct encoding and filtering on the user input data, the injected malicious script will be sent to other users. In the browser, it has no way to know it should not believe the legitimacy of a script. The browser will normally take this script as a common script, this time malicious operations can occur. Most of the time, XSS cookie is used to steal, steal or effective user session token session to session hijacking.
in this article, we will see what is cross site scripting and how to create a filter to prevent it. We will also see several open source libraries, will help you repair XSS vulnerabilities in Web applications.
cross site scripting attacks is a Web application attack, the attacker attempts to inject malicious script code to perform malicious actions on the trusted site. In cross site scripting attacks, malicious code execution in the affected user’s browser, and the impact on users. Also known as the XSS attack. You may have a question that is why we call it "XSS", rather than "CSS".