Solved

XSS - How to verify cross site scripting in code

Posted on 2014-03-26
Last Modified: 2014-04-01
This may be a really boneheaded question, but XSS doesn't exist in code unless input is taken in from the user and returned in the response without ever being validated, correct?  Meaning, if I take in input from the user, save it without validation, but never return it to the user, it is NOT XSS, correct?

Please set me straight!

Thanks
Question by:zrick1234
2 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39957927
Nope.  Cross-site scripting (XSS) is where another site runs their scripts on your web page.  A common and normally acceptable version is tracking code for Google and other advertisers.  Unacceptable versions add code and even entire sections to your page with code that reports back to them.  It can include forms that ask for usernames and passwords to 'phish' information from your users.

It has often been used in third-party advertisements to deliver viruses.  MySpace and Yahoo have both been used for that and probably Facebook too though I don't currently know of any examples.

http://en.wikipedia.org/wiki/Cross-site_scripting
 

Author Closing Comment

by:zrick1234
ID: 39970869
Thank you
0
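
The condition raised in the question (user input saved without validation and later written into a response), as an added example that is not part of the original thread. The in-memory store, the function names and the sample comments are hypothetical and constructed for illustration; the check compares an unencoded output path with an HTML-encoded one.

```javascript
// Added example: constructed for illustration, not code from the thread.
// Hypothetical in-memory stand-in for a database of user comments.
const store = [];

// Saving unvalidated input. Nothing is rendered here, so nothing executes yet;
// the risk appears at whichever code path later writes this value into HTML.
function saveComment(text) {
  store.push(text);
}

// HTML-encode the characters that let text be parsed as markup or attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe output path: stored text is concatenated into the response as-is.
function renderUnsafe() {
  return "<ul>" + store.map((c) => "<li>" + c + "</li>").join("") + "</ul>";
}

// Hardened output path: the same data, encoded for the HTML body context.
function renderSafe() {
  return "<ul>" + store.map((c) => "<li>" + escapeHtml(c) + "</li>").join("") + "</ul>";
}

// Review check: does a response contain a stored value, byte for byte,
// when that value holds markup-significant characters?
function reflectsRawMarkup(html, stored) {
  return /[&<>"']/.test(stored) && html.includes(stored);
}

// Audit every stored value against a given renderer and list the ones
// that reach the response unencoded.
function findUnencoded(render) {
  const html = render();
  return store.filter((value) => reflectsRawMarkup(html, value));
}

saveComment("<script>alert(1)</script>"); // constructed test input
saveComment("plain text");                // constructed benign input

console.log("unsafe path exposes:", findUnencoded(renderUnsafe));
console.log("safe path exposes:", findUnencoded(renderSafe));
```

When reviewing code, the place to look is every output path that reads the stored value, including pages shown to other users or administrators, not only the request that saved it.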
