Cross Site Scripting (XSS)
Vulnerabilities, Attacks, and Mitigations
Prof. David Bernstein
Computer Science Department
bernstdh@jmu.edu
A element, the URL of a redirect, the contents of a FORM element) of a trigger document (e.g., an unsubscribe link in an email message) that references the page on the trusted server
The "Modern" (e.g., Desktop Widgets, Gadgets, Desklets) Case - file:// Request to the Local File System
Document (e.g., Document.write())
echo, print/print(), printf()
header()
setcookie()
FORM is written into a document using PHP
A element
http-refresh
document.location in JavaScript)
SUBMIT element
Form object's submit() method in the Body object's onload handler)
A elements, FORM elements)
onload handler written in JavaScript)
Content-Length does not include the size of the header so the additions can't be detected easily
META elements
FORM element)
href of A elements)
using htmlentities() in PHP) of data written into "dynamic" documents (e.g., <p> becomes &lt;p&gt;)
encode() in JavaScript) of data written into URLs (e.g., a space becomes %20)
HttpOnly Cookies: