aspose file tools*
The moose likes Security and the fly likes XSS attack - prevention - AJAX  ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "XSS attack - prevention - AJAX  ?" Watch "XSS attack - prevention - AJAX  ?" New topic
Author

XSS attack - prevention - AJAX ?

kri shan
Ranch Hand

Joined: Apr 08, 2004
Posts: 1373
Whether AJAX implementations prevent XSS(Cross-site scripting) ?
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

kri shan wrote:Whether AJAX implementations prevent XSS(Cross-site scripting) ?


No. The server generally takes care of scrubbing the data (simply by html encoding the data).
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61226
    
  66

Ajax is just another way of initiating HTTP requests -- as Gregg pointed out, your code is still responsible for cleansing the data.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
kri shan
Ranch Hand

Joined: Apr 08, 2004
Posts: 1373
AJAX is server side Java Script implementation. I guess XSS attack is on the client side Scripting. Am i right ?
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

kri shan wrote:AJAX is server side Java Script implementation.


No, it is not. Ajax is a technique used to send an HTTP request to a server via JavaScript without the need to refresh the browser's page.

kri shan wrote:I guess XSS attack is on the client side Scripting. Am i right ?


You don't know what XSS is and you are asking how to prevent it? I suggest you do some reading.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: XSS attack - prevention - AJAX ?