
Cross-site scripting made big waves a few years ago when it was discovered
in several popular Web-based e-mail providers. XSS is still unfortunately a very
common vulnerability in Web applications. Defensive coding techniques require
www.syngress.com
An Introduction to Web Application Security • Appendix B 467
Figure B.29 Passing Credentials to the Third-Party Site Via an Image Tag
Figure B.30 Appending Form Values to a window.open Command
Figure B.31 And the Resulting Effect
315_PTG_AppB.qxd 11/22/04 12:23 PM Page 467