Cross-Site Scripting (XSS) Attack Remediation

Source: dzone.com

Cross-Site Scripting (XSS) Attack Remediation
Preventing XSS

Various factors should be considered while acting on XSS Attacks, for example:

  • Input type in the HTTP request
  • Locations of the HTML document where data would be included

Note

  • A defense that works in one context (such as an HTML attribute) might not work in another context (such as a JavaScript variable assignment)
  • A defense that works with one kind of input (such as input validation and output encoding for a username) will not work with other kinds of input (such as sanitization for untrusted HTML).

We need to use a different output encoding function based on where you are inserting untrusted data into the webpage!
Read Full Article On dzone.com
Community Partners
Namecheap

Shift

Become a Partner?
DevOps Careers
    • Add a Job?