XSS attack - prevention - AJAX ?

 
kri shan
Do AJAX implementations prevent XSS (cross-site scripting)?
 
Gregg Bolinger
kri shan wrote: Do AJAX implementations prevent XSS (cross-site scripting)?


No. The server generally takes care of scrubbing the data (simply by HTML-encoding the data).
 
Bear Bibeault
Ajax is just another way of initiating HTTP requests -- as Gregg pointed out, your code is still responsible for cleansing the data.
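
An added example, not part of the original thread or any poster's code, of the server-side HTML encoding described in the replies above: the fragment returned to an Ajax request is built with every untrusted field encoded, shown next to an unencoded version for contrast. The function names and the sample comments are assumptions constructed for illustration.

```javascript
// Added example; all names are hypothetical, sample data is constructed.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that let text break out of HTML element content
// or out of a quoted attribute value.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: stored text is copied into the markup verbatim, so markup in the
// data becomes markup in the page, however the page fetched it.
function renderCommentUnsafe(comment) {
  return `<li title="${comment.author}">${comment.text}</li>`;
}

// After: every untrusted field is encoded at the point of output.
function renderComment(comment) {
  const author = encodeHtml(comment.author);
  const text = encodeHtml(comment.text);
  return `<li title="${author}">${text}</li>`;
}

// Body a hypothetical server handler would return for an Ajax request.
// The same function serves a full page load: the transport changes nothing.
function commentsFragment(comments) {
  return `<ul>${comments.map(renderComment).join("")}</ul>`;
}

// Constructed sample input: one ordinary comment, one carrying markup in
// both the attribute field and the text field.
const SAMPLE_COMMENTS = [
  { author: "alice", text: "Works for me & my team" },
  { author: 'bob" onmouseover="alert(1)', text: "<script>alert(1)</script>" },
];

console.log("unsafe:", renderCommentUnsafe(SAMPLE_COMMENTS[1]));
console.log("safe:  ", commentsFragment(SAMPLE_COMMENTS));
```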
 
kri shan
AJAX is a server-side JavaScript implementation. I guess an XSS attack is on the client-side scripting. Am I right?
 
Gregg Bolinger
kri shan wrote: AJAX is a server-side JavaScript implementation.


No, it is not. Ajax is a technique used to send an HTTP request to a server via JavaScript without the need to refresh the browser's page.

kri shan wrote: I guess an XSS attack is on the client-side scripting. Am I right?


You don't know what XSS is and you are asking how to prevent it? I suggest you do some reading.
 