
Chapter 4

Cross-Site Scripting Defense

Cross-site scripting, or “XSS,” is a form of attack executed by including untrusted data, such as malicious JavaScript code, in the victim’s web browser. Simply put, XSS is attacker-driven code running within client browsers or other JavaScript engines. XSS attacks are perpetrated by inserting malicious JavaScript or JavaScript fragments into a host website, where they are later executed in victims’ web browsers when the host site is viewed.
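The following added example (written for this page, not code from the book) shows the defensive counterpart to the attack just described: a page fragment that concatenates untrusted request data straight into HTML beside the same fragment with the data entity-encoded for the HTML body context. The servlet-style string building and the hand-written encoder are assumptions for illustration.

```java
public class XssDefenseExample {

    // Entity-encode the characters that carry meaning in an HTML body or quoted attribute.
    // Only valid for the HTML text/attribute context; JavaScript, URL and CSS contexts need
    // their own encoders.
    static String encodeForHtml(String untrusted) {
        StringBuilder sb = new StringBuilder(untrusted.length());
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable: the request parameter lands in the response exactly as the client sent it,
    // so any markup it contains is parsed and run by the victim's browser.
    static String renderVulnerable(String userName) {
        return "<p>Welcome, " + userName + "</p>";
    }

    // Hardened: the same data is encoded for the context it is inserted into, so the
    // browser displays the characters instead of interpreting them as markup.
    static String renderHardened(String userName) {
        return "<p>Welcome, " + encodeForHtml(userName) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample of attacker-controlled input, e.g. a ?name= query parameter.
        String input = "<script>alert('xss')</script>";
        System.out.println(renderVulnerable(input));
        // <p>Welcome, <script>alert('xss')</script></p>   (script executes)
        System.out.println(renderHardened(input));
        // <p>Welcome, &lt;script&gt;alert(&#x27;xss&#x27;)&lt;&#x2F;script&gt;</p>   (rendered as text)
    }
}
```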

XSS is one of the most common vulnerabilities found across the Web. In our personal experience, 80–90 percent of websites subjected to intensive penetration testing exhibited ...
