Solved

XSS - How to verify cross site scripting in code

Posted on 2014-03-26
2
415 Views
Last Modified: 2014-04-01
This may be a really boneheaded question, but XSS doesn't exist in code unless input is taken in from the user and returned in the response without ever being validated, correct?  Meaning, if I take in input from the user, save it without validation, but never return it to the user, it is NOT XSS, correct?

Please set me straight!

Thanks
0
Comment
Question by:zrick1234
2 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39957927
Nope.  Cross-site scripting (XSS) is where another site runs their scripts on your web page.  A common and normally acceptable version is tracking code for Google and other advertisers.  Unacceptable versions add code and even entire sections to your page with code that reports back to them.  It can includes forms that ask for usernames and passwords to 'phish' information from your users.

It has often been used in third-party advertisements to deliver viruses.  MySpace and Yahoo have both been used for that and probably Facebook too though I don't currently know of any examples.

http://en.wikipedia.org/wiki/Cross-site_scripting
0
 

Author Closing Comment

by:zrick1234
ID: 39970869
Thank you
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

"Disruption" is the most feared word for C-level executives these days. They agonize over their industry being disturbed by another player - most likely by startups.
Synchronize a new Active Directory domain with an existing Office 365 tenant
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question