-
Type:
Defect
-
Resolution: Cannot Reproduce
-
Priority:
Major
-
Affects Version/s: None
-
Component/s: Security
-
None
Jeff Atwood wrote a nice blog article on Cross Site Scripting (XSS) attacks.
http://www.codinghorror.com/blog/archives/001167.html
It give recommendations on how to avoid accedently allowing users to insert malicous java scripts into our applicaiton.
I also think using Bulletin Board Code (BBCode) would still be fairly effective too.
Here is another link that explains in detail how XSS attacks work:
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.codinghorror.com/blog/archives/001167.html
It give recommendations on how to avoid accedently allowing users to insert malicous java scripts into our applicaiton.
I also think using Bulletin Board Code (BBCode) would still be fairly effective too.
Here is another link that explains in detail how XSS attacks work:
http://en.wikipedia.org/wiki/Cross-site_scripting
