24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by John Viega, David LeBlanc, Michael Howard

SIN 3: WEB CLIENT–RELATED VULNERABILITIES (XSS)

OVERVIEW OF THE SIN

The advent of desktop and web-based gadgets and widgets has ushered in a more common kind of sin: that of the type-0, or DOM-based, cross-site scripting vulnerability. Notice we said “more common” and not “new”; these sins are not new, but they have become more common over the last couple of years.

The two most sinful forms of code that suffer type-0 XSS are

• Gadgets and widgets

• Static HTML pages on the user’s computer

A gadget or widget is nothing more than a mini-application built ...
