Solved

XSS - How to verify cross site scripting in code

Posted on 2014-03-26
2
421 Views
Last Modified: 2014-04-01
This may be a really boneheaded question, but XSS doesn't exist in code unless input is taken in from the user and returned in the response without ever being validated, correct?  Meaning, if I take in input from the user, save it without validation, but never return it to the user, it is NOT XSS, correct?

Please set me straight!

Thanks
0
Comment
Question by:zrick1234
2 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39957927
Nope.  Cross-site scripting (XSS) is where another site runs their scripts on your web page.  A common and normally acceptable version is tracking code for Google and other advertisers.  Unacceptable versions add code and even entire sections to your page with code that reports back to them.  It can includes forms that ask for usernames and passwords to 'phish' information from your users.

It has often been used in third-party advertisements to deliver viruses.  MySpace and Yahoo have both been used for that and probably Facebook too though I don't currently know of any examples.

http://en.wikipedia.org/wiki/Cross-site_scripting
0
 

Author Closing Comment

by:zrick1234
ID: 39970869
Thank you
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question