Thread: Prevent XSS

  1. #1
    markbrown4

    Prevent XSS

    Which parts of JavaScript make XSS a security problem?

    Can we simply override document.cookie to prevent it being stolen?

    Thanks,

  2. #2
    I don't think you're going to have much success fighting XSS attacks from JavaScript. There are definitely some things you can do depending on the situation and what you're trying to protect against, but there's no simple answer. You should probably spend most of your time trying to prevent the XSS in the first place. It's hard to prevent something you don't understand, so take a look at some attack vectors to get a better understanding of some of the ways it's done: http://ha.ckers.org/xss.html

    As far as cookies go, read up on the HttpOnly flag: http://www.owasp.org/index.php/HttpOnly
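
The two measures the reply points to, shown as an added example that is not part of the original thread: stopping the injection (here by HTML output encoding, which is an assumption about the method) and issuing the session cookie with HttpOnly. Function names, cookie names and sample values are constructed; `scriptVisibleCookies` is a simplified model of browser behaviour, not a browser API.

```javascript
// Added example; all names and sample values are constructed for illustration.

// 1. Prevent the XSS in the first place: encode untrusted text before placing
//    it in an HTML element body or a quoted attribute value. Other contexts
//    (inline script, URLs, CSS) need their own encoders.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderComment(untrusted) {
  return `<p class="comment">${escapeHtml(untrusted)}</p>`;
}

// 2. Issue the session cookie with HttpOnly so page script cannot read it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// 3. Simplified model of what document.cookie exposes to script:
//    every stored cookie except those flagged HttpOnly.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((header) => header.split(';').map((part) => part.trim()))
    .filter(([, ...attrs]) => !attrs.some((a) => a.toLowerCase() === 'httponly'))
    .map(([pair]) => pair)
    .join('; ');
}

// Constructed sample data: one HttpOnly session cookie, one ordinary cookie.
const sampleHeaders = [
  sessionCookieHeader('sid', 'constructed-session-id'),
  'theme=dark; Path=/',
];

console.log(renderComment('<script>alert(1)</script>'));
console.log(scriptVisibleCookies(sampleHeaders));
```

HttpOnly only stops script from reading the cookie; injected script can still send requests inside the victim's session, so output encoding remains the primary control.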

