How to avoid XSS (Cross Site Scripting)?

Gurumurthy Ramamurthy
Ranch Hand

Joined: Feb 13, 2003
Posts: 272
Guys:

I know that XSS happens because of malicious data/script injected into a webpage before sending to the client and it appears as if it came from the original site. It does a lot of damage to the user, like password theft, credit card sniffing, etc.

Can you tell me how to avoid this:

1. During development?
2. During run-time by the user/client?

Thanks,
Guru
Yuriy Fuksenko
Ranch Hand

Joined: Feb 02, 2001
Posts: 413
If you want to try using XSS, cookie stealing and other web hacking things (and it really helps to understand how to prevent it), go to
http://www.hackthissite.org, register and go through the "realistic mission" challenges. They are fun and educational.
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
Well, the only way that code can get injected into a page that affects other users is if you let it happen. You need to strip out script tags, and escape user input if it is being displayed for everyone to view.

Eric
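
Escaping user input at the point where it is written into the page, shown as an added example that is not code from this thread. The function names, the `SafeHtml` marker and the sample comments are constructed for illustration, and the escaping covers HTML text and quoted attribute values only.

```javascript
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every character that can open a tag, an entity or end an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Marker for markup the developer wrote and trusts; never wrap user input in it.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Tagged template: literal parts pass through, interpolated values are escaped
// unless they are already SafeHtml (the result of a nested html`` call).
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    const parts = Array.isArray(v) ? v : [v];
    out += parts.map((p) => (p instanceof SafeHtml ? p.markup : escapeHtml(p))).join("");
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// Constructed sample data: the second comment carries markup a user typed in.
const comments = [
  { author: "Guru", text: "Thanks & regards" },
  { author: 'x" onmouseover="alert(1)', text: "<script>alert(1)</script>" },
];

// Build the list; every user-supplied field goes through html`` and is escaped.
function renderComments(list) {
  const items = list.map((c) => html`<li title="${c.author}">${c.text}</li>`);
  return html`<ul>${items}</ul>`.toString();
}

console.log(renderComments(comments));
```

Because the escaping happens in the template tag rather than at each call site, a field that is forgotten is escaped by default instead of being written out raw.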
 
 