How to defeat the new No. 1 security threat: cross site scripting

Cross site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk. In a typical XSS scenario, a Web page might use JavaScript to dynamically generate some document content based on a field in a Uniform Resource Identifier (URI). In the normal course of events, the site itself would generate legitimate information for that field.

If, however, the script that generated the new content did not filter the URI, it would be possible for an attacker to feed the page a custom-designed URI that ran a script. The script could do almost anything, and the user would never know that he wasn't seeing legitimate content unless the hijacker was blatant How to defeat the new No. 1 security threat: cross-site scripting

Linked by shanmuga Saturday, 30th September 2006 7:41AM