Top "Xss" questions

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

How exactly do you configure httpOnlyCookies in ASP.NET?

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly" How do you set this property? Somewhere in the web config?

asp.net cookies xss httponly
XSS filtering function in PHP

Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to …

php filter xss
Java Best Practices to Prevent Cross Site Scripting

I have gone through the OWASP top ten vulnerabilities and found that Cross-Site Scripting is the one we have to …

java security xss
How do I prevent people from doing XSS in Spring MVC?

What should I do to prevent XSS in Spring MVC? Right now I am just putting all places where I …

spring jsp spring-mvc xss html-escape-characters
How to properly escape html form input default values in php?

Given the following two html/php snippets: <input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" /&…

php html forms xss
Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details

I'm getting this chrome flag when trying to post and then get a simple form. The problem is that the …

google-chrome xss
A simple example of a Cross-site scripting attack

Can someone show me a Cross-site scripting attack in effect on my browser? Is there an example on the internet …

xss
how to set Http header X-XSS-Protection

I have tried to put this: <meta http-equiv="X-XSS-Protection" content="0"> in the <head> tag but have …

internet-explorer http-headers xss
How to temporarily disable XSS protection in modern browsers for testing?

Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes? I'm trying to explain …

javascript html security xss
Error: Permission denied to access property "document"

I have a HTML Document which contains an iframe. Whenever I try to access or modify this iframe with JS …

javascript html iframe xss access-control