Cross-Site Attacks

An emerging breed of Web-based attacks is based on abusing trust by spoofing the origin of malicious information. The two most common examples of this style of attack are cross-site scripting (XSS) and cross-site request forgeries (CSRF).

Cross-Site Scripting

Cross-site scripting is a style of attack that involves the injection of malicious code into a site that is trusted by the victim. As an example, consider a Web-based forum, where users all view messages posted by each other. Imagine a user who posts the following message:

<script>alert('Danger’)</script> 

All users who view this post and have JavaScript enabled will execute this script as if it originated from the current Web site. Although this example is harmless ...

Get HTTP Developer’s Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.