- Defect
- Resolution: Cannot Reproduce
- Major
- None
- None
Jeff Atwood wrote a nice blog article on Cross Site Scripting (XSS) attacks.
http://www.codinghorror.com/blog/archives/001167.html
It gives recommendations on how to avoid accidentally allowing users to insert malicious JavaScript into our application.
I also think using Bulletin Board Code (BBCode) would still be fairly effective too.
Here is another link that explains in detail how XSS attacks work:
http://en.wikipedia.org/wiki/Cross-site_scripting