Top "Xss" questions

How exactly do you configure httpOnlyCookies in ASP.NET?

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly" How do you set this property? Somewhere in the web config?

asp.net cookies xss httponly

XSS filtering function in PHP

Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to …

php filter xss

Java Best Practices to Prevent Cross Site Scripting

I have gone through the OWASP top ten vulnerabilities and found that Cross-Site Scripting is the one we have to …

java security xss

How do I prevent people from doing XSS in Spring MVC?

What should I do to prevent XSS in Spring MVC? Right now I am just putting all places where I …

spring jsp spring-mvc xss html-escape-characters

How to properly escape html form input default values in php?

Given the following two html/php snippets: <input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" /&…

php html forms xss

Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details

I'm getting this chrome flag when trying to post and then get a simple form. The problem is that the …

google-chrome xss

A simple example of a Cross-site scripting attack

Can someone show me a Cross-site scripting attack in effect on my browser? Is there an example on the internet …

xss

how to set Http header X-XSS-Protection

I have tried to put this: <meta http-equiv="X-XSS-Protection" content="0"> in the <head> tag but have …

internet-explorer http-headers xss

How to temporarily disable XSS protection in modern browsers for testing?

Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes? I'm trying to explain …

javascript html security xss

Error: Permission denied to access property "document"

I have a HTML Document which contains an iframe. Whenever I try to access or modify this iframe with JS …

javascript html iframe xss access-control