Preventing Cross-Site Scripting

  • Chris Snyder
  • Thomas Myer
  • Michael Southwell

Abstract

We continue our survey of secure PHP programming by discussing the threat to your users’ data posed by a highly specialized version of dangerous user input known as cross-site scripting (XSS). Unlike SQL injection (discussed in Chapter 3), which attempts to insert malicious SQL instructions into a database query that is executed out of public view, XSS attempts to insert malicious markup or JavaScript code into values that are subsequently displayed in a web page. This malicious code attempts to take advantage of a user’s trust in a website, by tricking him (or his browser) into performing some action or submitting some information to another, untrusted site.
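The following is an added illustration of the pattern the abstract describes, not code from the book or its authors: a PHP page that echoes a user-supplied value straight into its HTML, placed beside the same page with the value encoded for the HTML context before output. The parameter name `name` and the sample input are assumptions constructed for the example.

```php
<?php
// Added example (not from the chapter): reflected XSS sink and its hardened form.
declare(strict_types=1);

// Vulnerable: user input is concatenated directly into the markup, so any
// tags or script in the value are interpreted by the browser.
function greetUnsafe(string $name): string
{
    return '<p>Hello, ' . $name . '!</p>';
}

// Hardened: encode the value for the HTML context at the point of output.
// ENT_QUOTES encodes both " and ' so the result is also safe inside quoted
// attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function greetSafe(string $name): string
{
    return '<p>Hello, ' . escapeHtml($name) . '!</p>';
}

// Same rule applies when the value lands in an attribute: always quote the
// attribute and encode the value.
function profileLinkSafe(string $name): string
{
    return '<a href="/profile?name=' . rawurlencode($name) . '" title="'
        . escapeHtml($name) . '">profile</a>';
}

// Constructed sample input: what a request parameter might carry.
$name = $_GET['name'] ?? '<script>alert(1)</script>';

echo greetUnsafe($name), PHP_EOL;     // the script tag reaches the browser intact
echo greetSafe($name), PHP_EOL;       // the tag is rendered as literal text
echo profileLinkSafe($name), PHP_EOL; // encoded for both URL and attribute context
```

The design point is that the encoding is chosen by the output context (HTML body, attribute, URL component), not by the source of the data, and it is applied at the moment of output rather than when the value is stored.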

Keywords

User Input; Malicious Code; Shopping Cart; Style Attribute; Single Quotation Mark
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Chris Snyder, Thomas Myer, and Michael Southwell 2010
