Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

XSS - How to verify cross site scripting in code

Posted on 2014-03-26
2
Medium Priority
?
457 Views
Last Modified: 2014-04-01
This may be a really boneheaded question, but XSS doesn't exist in code unless input is taken in from the user and returned in the response without ever being validated, correct?  Meaning, if I take in input from the user, save it without validation, but never return it to the user, it is NOT XSS, correct?

Please set me straight!

Thanks
0
Comment
Question by:zrick1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 39957927
Nope.  Cross-site scripting (XSS) is where another site runs their scripts on your web page.  A common and normally acceptable version is tracking code for Google and other advertisers.  Unacceptable versions add code and even entire sections to your page with code that reports back to them.  It can includes forms that ask for usernames and passwords to 'phish' information from your users.

It has often been used in third-party advertisements to deliver viruses.  MySpace and Yahoo have both been used for that and probably Facebook too though I don't currently know of any examples.

http://en.wikipedia.org/wiki/Cross-site_scripting
0
 

Author Closing Comment

by:zrick1234
ID: 39970869
Thank you
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question