A simple example of a Cross-site scripting attack [closed]
See http://www.insecurelabs.org and http://www.insecurelabs.org/task/ Intentionally vulnerable to XSS in the search field and several other places.
Cross Site Scripting basically is a security vulnerability of dynamic web pages where an attacker can create a malicious link to inject unwanted executable JavaScript into a Web site. The most usual case of this vulnerability occurs when GET variables are printed or echoed without filtering or checking their content. When a victim clicks the …
This is typically a problem if you are using JSONP to transfer data. Consider a website consisting of a domain A that loads data from domain B. The user has to be authenticated to site A and B, and because the Same Origin Policy prevents older browsers from communicating directly with a different domain (B) …
Unfortunately, almost none of the participants ever clearly understands what they are talking about. Literally. Only Kibbee managed to make it straight. This topic is all about sanitization. But the truth is, such a thing as the wide-termed “general purpose sanitization” everyone is so eager to talk about just doesn’t exist. There are a …
I’ve created a module that bundles the Caja HTML Sanitizer.
    npm install sanitizer
http://github.com/theSmaw/Caja-HTML-Sanitizer
https://www.npmjs.com/package/sanitizer
Any feedback appreciated.