Cross-site scripting (XSS) allows criminals to introduce code through dynamic or interactive content such as a web page, an interactive form, a link, a newsgroup posting, or any other type of content that executes in your browser. HTML (HyperText Markup Language) is the common language web pages are delivered in. The code is made up of elements which provide the structure and control interpreted by your browser to present these web pages in a certain way. Elements within the HTML display colors and shapes, point to images, play animation and even execute scripts. Once malicious code is executed, it allows the criminal to take control of your browser. The result could be as insignificant as pop-up ads or as dramatic as delivering a worm.
The most common type of XSS is what we refer to as a non-persistent XSS attack. In this type of attack a criminal will present you with a specially constructed link to click on. It may be presented on a blog, a forum, a web page, in an email, or similar. Once you click on the link, the code will be executed in your browser. It could just generate some annoying pop-up ad, or directly change the link to command your browser to begin a download.
The mistake most people make is thinking that because the encoded URL, http://www.security.com/index.php?name=%3c%73%63%72%69%70%74%3e, is presented, there is nothing to hide. They believe the URL that has a friendly name like “security” may present some hidden code. The truth is, unless you can translate the hexadecimal meaning of the link above, neither code may be safe. The key is where the link is presented. Any major company website like Microsoft, Symantec, Coca-Cola, Pepsi, Hewlett Packard, Dell and so on will have safe links. Emails from anyone you are expecting a link from, because either you requested a link or they told you they are sending a link, would be safe. Others would require a judgment call on your part. That’s why a good antivirus program with daily updates is so important. Very often it will detect a cross-site script and block it.
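Translating the hexadecimal in a link does not have to be done by hand. The following is an added example, not code from the original article: it decodes each query parameter of the URL quoted above and reports what the encoding was hiding. The function names and the second, ordinary link are constructed for illustration.

```javascript
// Added example: reveal what percent-encoding hides in a link's query string.

// Decode repeatedly (bounded) so double-encoded values such as %253c are unwrapped too.
function fullyDecode(raw, maxRounds = 3) {
  let current = raw.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      // Malformed escape: null if the raw value itself is broken,
      // otherwise keep the last clean decoding (e.g. "100%").
      return i === 0 ? null : current;
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Letters and digits never need escaping, so %73 for "s" suggests deliberate obscuring.
function countNeedlessEscapes(raw) {
  return (raw.match(/%[0-9a-f]{2}/gi) || [])
    .filter(e => /[A-Za-z0-9]/.test(String.fromCharCode(parseInt(e.slice(1), 16))))
    .length;
}

function inspectLink(link) {
  const query = new URL(link).search.replace(/^\?/, '');
  return query.split('&').filter(Boolean).map(pair => {
    const eq = pair.indexOf('=');
    const raw = eq === -1 ? '' : pair.slice(eq + 1);
    const decoded = fullyDecode(raw);
    return {
      name: eq === -1 ? pair : pair.slice(0, eq),
      raw,
      decoded,
      needlessEscapes: countNeedlessEscapes(raw),
      // Characters that must be encoded before a page echoes the value back.
      htmlSpecial: decoded === null || /[<>"']/.test(decoded),
    };
  });
}

const fromArticle = 'http://www.security.com/index.php?name=%3c%73%63%72%69%70%74%3e';
const ordinary = 'http://www.security.com/index.php?name=John+Smith&page=2'; // constructed
for (const link of [fromArticle, ordinary]) console.log(link, inspectLink(link));
```

For the article's link the `name` parameter decodes to `<script>`, with six letters escaped for no technical reason; the ordinary link decodes to plain text.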
The other type of cross-site scripting is a persistent XSS attack. This occurs when the malicious code is stored on the server itself and delivered as a normal part of a web page. The most common delivery method is when a criminal is able to inject their malicious code into a database. Then, every time the users of that web service view information that calls up the data input by the criminal, that user’s computer becomes infected.
As an example, let’s take a fictitious site that facilitates the sale of sports memorabilia between its members. Out of respect for its members’ privacy, the site keeps real names, emails and locations hidden. It only displays screen names between members.
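The difference between a page that delivers stored code and one that does not comes down to how the stored value is written into the HTML. The following is an added example, not code from the original article; the member rows, field name and functions are assumptions built around the screen-name scenario above.

```javascript
// Added example: a stored screen name rendered unsafely and safely.

// Constructed sample rows, as they might come back from the members table.
const members = [
  { screenName: 'CardCollector77' },
  { screenName: '<script>alert("stored")</script>' }, // constructed hostile entry
];

// Replace the five characters that let text break out into markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, ch => map[ch]);
}

// Vulnerable: the stored value is concatenated into the page as-is,
// so every member who views the list receives the script element.
function renderListUnsafe(rows) {
  return '<ul>' + rows.map(r => '<li>' + r.screenName + '</li>').join('') + '</ul>';
}

// Hardened: the stored value is encoded on output and is shown as text.
function renderListSafe(rows) {
  return '<ul>' + rows.map(r => '<li>' + escapeHtml(r.screenName) + '</li>').join('') + '</ul>';
}

// Second layer at registration time: accept only an allow-list of characters.
function isValidScreenName(name) {
  return typeof name === 'string' && /^[A-Za-z0-9_.-]{3,20}$/.test(name);
}

console.log('unsafe:', renderListUnsafe(members));
console.log('safe:  ', renderListSafe(members));
console.log('valid: ', members.map(m => isValidScreenName(m.screenName)));
```

Output encoding is the control that matters here, because it also covers rows that were stored before any validation rule existed.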
14 thoughts on “What is Cross Site Scripting?”
Whoah, this weblog is excellent, I really like studying your articles. Stay up the great work! You realize, a lot of individuals are searching around for this information, you can aid them greatly.
Hello, Neat post. There’s a problem along with your site in Internet Explorer, may test this? IE still is the market leader and a large section of other people will miss your great writing because of this problem.
Please post the problem you are experiencing and your browser version so we can fix it. The blog is optimized and tested with IE 10, Safari 5.1, Chrome 30.0 and Firefox 24.0. We have been unable to replicate any issues with these browsers.
Thank you for another great post. The place else may anyone get that type of info in such an ideal means of writing? I’ve a presentation subsequent week, and I’m on the search for such info.
I every time used to study piece of writing in newspapers but now as I am a user of net therefore from now I am using net for articles or reviews, thanks to web.
I think everything published made a great deal of sense. But, think about this, what if you added a little content? I am not saying your content is not good, but what if you added a title that grabbed people’s attention? I mean What is Cross Site Scripting? | techblahblah is kinda plain. You ought to glance at Yahoo’s front page and note how they create post titles to get viewers interested. You might try adding a video or a pic or two to get readers excited about everything you’ve written. In my opinion, it would make your posts a little livelier.
Thank you for your suggestions. I take them seriously.
I think the admin of this site is actually working hard for his web page, because here every stuff is quality based material.
Useful info. Lucky me I discovered your site by accident, and I am shocked why this coincidence didn’t take place earlier! I bookmarked it.
Site architecture is another thing you may be able to control depending on how or who set up your site.
In a totally unregulated industry with no recognized certifications or professional association to determine who can call themselves an “SEO Expert”, business owners are on their own to do their own investigating and due diligence to determine who really can deliver results for their business.
You can search for the keywords that are the most searched by the readers.
Thanks to my father who told me about this blog, this webpage is truly awesome.
I constantly spent my half an hour to read this blog’s content every day along with a mug of coffee.
It’s going to be finish of mine day, however before finish I am reading this enormous paragraph to increase my knowledge.
Hello to every body, it’s my first pay a visit of this web site; this webpage consists of remarkable and truly fine information in support of readers.