Monday, December 28, 2009

XSS vulnerability

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

One common way to solve is:

Ensure that parameters and user input are sanitized by doing the following:
# Remove < input and replace with <
# Remove > input and replace with >
# Remove ' input and replace with '
# Remove " input and replace with "
# Remove ) input and replace with )
# Remove ( input and replace with (