slides/web-app-security/xss.xml
Cross-Site Scripting
  • Interactive features of your site are used as unwitting carriers of client-side attacks
  • Anywhere you display external input:
      • User profile
      • Forums
      • Error pages (the URL is external input)
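
The error-page case from the list above, as an added example that is not part of the original slides: a "not found" page that echoes the requested URL, shown unescaped and then with output encoding for each context. The function names and the sample path are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample input: a request path carrying markup, as it might
# arrive at a "page not found" handler.
SAMPLE_PATH = '/missing"><script>alert(1)</script>'


def render_404_unsafe(request_path: str) -> str:
    """'Before' form: the URL is pasted into the page unchanged."""
    return f"<p>The page {request_path} was not found.</p>"


def render_404_safe(request_path: str) -> str:
    """Encode the URL for each context it is written into."""
    # HTML text context: &, <, >, " and ' become entities.
    as_text = html.escape(request_path, quote=True)
    # URL inside an href attribute: percent-encode first, then HTML-escape.
    as_href = html.escape(quote(request_path, safe="/"), quote=True)
    return (
        f"<p>The page {as_text} was not found.</p>"
        f'<p><a href="{as_href}">Retry</a></p>'
    )


if __name__ == "__main__":
    print(render_404_unsafe(SAMPLE_PATH))
    print(render_404_safe(SAMPLE_PATH))
```

The same encoding applies to the other display points in the list (profile fields, forum posts): encode at output time, for the context the value lands in.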