Comment Re:Cross-site scripting?? (Score 2, Interesting) 360
http://www.apache.org/info/css-security/ has a good explanation and some links.
The basic example is that you have a web page that asks for the user's name in a text entry field and then displays "Hi [name]"
I come along and instead of entering my name I end the text entry with "> and then proceed to write javascript or whatever that performs some function on the server. It gets more interesting that that though.
The basic example is that you have a web page that asks for the user's name in a text entry field and then displays "Hi [name]"
I come along and instead of entering my name I end the text entry with "> and then proceed to write javascript or whatever that performs some function on the server. It gets more interesting that that though.
