• Status: Solved

XSS - How to verify cross site scripting in code

This may be a really boneheaded question, but XSS doesn't exist in code unless input is taken in from the user and returned in the response without ever being validated, correct?  Meaning, if I take in input from the user, save it without validation, but never return it to the user, it is NOT XSS, correct?

Please set me straight!

Thanks
Asked:
zrick1234
1 Solution
 
Dave Baldwin (Fixer of Problems) Commented:
Nope.  Cross-site scripting (XSS) is where another site runs their scripts on your web page.  A common and normally acceptable version is tracking code for Google and other advertisers.  Unacceptable versions add code and even entire sections to your page with code that reports back to them.  It can include forms that ask for usernames and passwords to 'phish' information from your users.

It has often been used in third-party advertisements to deliver viruses.  MySpace and Yahoo have both been used for that and probably Facebook too though I don't currently know of any examples.

http://en.wikipedia.org/wiki/Cross-site_scripting
zrick1234 (Author) Commented:
Thank you
Question has a verified solution.
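
The two cases raised in the question, as an added example that is not part of the original thread: input returned in a response, and input saved and only later written into a page. All function names, the in-memory `store`, and the sample input are constructed for illustration; the check looks at the HTML output, since that is where unencoded input becomes markup.

```javascript
"use strict";

// Constructed sample input (hypothetical, harmless marker payload).
const SAMPLE = "<script>alert(1)</script>";

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Case 1: input returned in the response.
function renderSearchUnencoded(query) {
  return `<p>Results for ${query}</p>`;             // input reaches HTML as-is
}
function renderSearchEncoded(query) {
  return `<p>Results for ${escapeHtml(query)}</p>`; // input is encoded at output
}

// Case 2: input saved without validation. Saving alone writes no HTML.
const store = [];
function saveComment(text) {
  store.push(text);
  return store.length;
}
// A later page that lists the saved values is the point where they reach HTML.
function renderCommentsUnencoded() {
  return "<ul>" + store.map((c) => `<li>${c}</li>`).join("") + "</ul>";
}
function renderCommentsEncoded() {
  return "<ul>" + store.map((c) => `<li>${escapeHtml(c)}</li>`).join("") + "</ul>";
}

// Code-review style check: did the input survive into the output as a live tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

function demo() {
  saveComment(SAMPLE);
  return {
    reflectedUnencoded: hasLiveScriptTag(renderSearchUnencoded(SAMPLE)),
    reflectedEncoded: hasLiveScriptTag(renderSearchEncoded(SAMPLE)),
    storedUnencoded: hasLiveScriptTag(renderCommentsUnencoded()),
    storedEncoded: hasLiveScriptTag(renderCommentsEncoded()),
  };
}

console.log(demo());
```
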
