Top "Xss" questions

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

HTML-Entity escaping to prevent XSS

I have some user input. Within my code, I ensure that the following symbols are escaped: & -> &…

java html escaping xss owasp

IE8 XSS filter: what does it really do?

Internet Explorer 8 has a new security feature, an XSS filter that tries to intercept cross-site scripting attempts. It's described this …

internet-explorer-8 xss

NS_ERROR_FAILURE : Failure in Firefox

I'm using JavaScript's XMLHttpRequest object to send a request to another page (not on the same server or domain name). I …

javascript ajax firefox xmlhttprequest xss

CSRF, XSS and SQL Injection attack prevention in JSF

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent …

jsf xss sql-injection csrf owasp

Is it secure to use window.location.href directly without validation

Is it secure to use window.location.href without any validation? For example: <script> var value = window.location.…

javascript security xss href window.location

Allow All Content Security Policy?

Is it possible to configure the Content-Security-Policy to not block anything at all? I'm running a computer security class, and …

javascript web http-headers xss content-security-policy

Is jQuery .text() method XSS safe?

I have unescaped data from users. So is it safe to use like this: var data = '<test>…

javascript jquery security xss

XSS attacks and style attributes

There are known Style Attribute XSS attacks like: <DIV STYLE="width: expression(alert('XSS'));"> Or <DIV STYLE="…

javascript html coding-style xss

What are "top level JSON arrays" and why are they a security risk?

In the video below, at time marker 21:40, the Microsoft PDC presenter says it's important that all JSON be wrapped so …

javascript json security xss

Cross-site AJAX requests

I need to make an AJAX request from a website to a REST web service hosted in another domain. Although …

javascript ajax security xss