ArticleXSS
Everything you ever wanted to know about cross-site scripting (XSS) attacks
This section provides a detailed discussion of cross-site scripting (XSS) attacks in various contexts within an HTML document, how they can be exploited, and generic methods for avoiding them. If you are unfamiliar with XSS, start with Introduction to Cross-Site Scripting Vulnerabilities.

These articles provide examples for each of the specific classes of cross-site scripting vulnerabilities. The examples are given as HTML snippets that include Python-style string substitutions, chosen to keep the examples independent of any particular templating or HTML rendering infrastructure. For example, the HTML snippet

    <title>Example document: %(title)</title>

is intended to illustrate a template snippet that, if the variable title has the value Cross-Site Scripting, results in the following HTML being emitted to the browser:

    <title>Example document: Cross-Site Scripting</title>

The examples in this document are based on JavaScript (ECMAScript). Of course, similar examples could be constructed using other scripting languages supported by the victim's browser (such as VBScript).

For each class of XSS vulnerability (the classes are based on the context within an HTML document where the injection occurs, such as regular body text, within an href attribute, etc.), we provide
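
The substitution notation described above, run as real Python; this is an added example, not code from the original article. It uses Python's own `%(title)s` form of the placeholder, and `LINK_TEMPLATE`, `render_raw`, `render_escaped`, `safe_href` and the sample inputs are assumptions made for illustration. It shows the `<title>` snippet rendered with and without HTML escaping, and why the href-attribute context needs a scheme check in addition to escaping.

```python
import html
from urllib.parse import urlsplit

# The page's <title> snippet, written in Python's own %(name)s form.
TITLE_TEMPLATE = "<title>Example document: %(title)s</title>"
# Assumed template for the href-attribute context the page mentions.
LINK_TEMPLATE = '<a href="%(url)s">link</a>'


def render_raw(template, **values):
    """Substitute values verbatim; any markup in them reaches the browser."""
    return template % values


def render_escaped(template, **values):
    """HTML-escape each value (&, <, >, " and ') before substituting it."""
    return template % {k: html.escape(str(v), quote=True) for k, v in values.items()}


def safe_href(url):
    """Return url only if it is scheme-less or http(s); otherwise return '#'."""
    if any(ord(c) < 0x20 for c in url):  # control characters can hide a scheme
        return "#"
    scheme = urlsplit(url.strip()).scheme.lower()
    return url.strip() if scheme in ("", "http", "https") else "#"


# Constructed sample inputs (not taken from the page).
BENIGN_TITLE = "Cross-Site Scripting"
MARKUP_TITLE = "</title><script>alert(1)</script>"
SCRIPT_URL = "javascript:alert(1)"

if __name__ == "__main__":
    print(render_raw(TITLE_TEMPLATE, title=BENIGN_TITLE))
    print(render_raw(TITLE_TEMPLATE, title=MARKUP_TITLE))       # markup injected
    print(render_escaped(TITLE_TEMPLATE, title=MARKUP_TITLE))   # rendered as text
    # Escaping does not change a script URL, so the href context needs its own check.
    print(render_escaped(LINK_TEMPLATE, url=SCRIPT_URL))
    print(render_escaped(LINK_TEMPLATE, url=safe_href(SCRIPT_URL)))
```
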
Further reading