
Comment Re:Sanitizing user input is the most important par (Score 2, Informative) 157

Although sanitizing user input gets the job done, what one should be doing is sanitizing the output.

An XSS attack exists because you are dynamically generating a web page with content you didn't intend: content which contains executable script instead of the dumb text you intended (that you got from a database or that was entered earlier on by a (another) user). Sanitizing user input (which is the only factor you don't control) will help, but if I enter <script>1+1</script> as some comment on, for example, a JavaScript forum, I would expect it to appear like that!

The definite solution to getting rid of XSS attacks is to use a modern toolkit that actively prevents this without ANY effort from the programmer. Like Wt for example does.
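The contrast drawn in the comment above, as an added JavaScript example that is not part of the original comment: stripping tags on input changes what the user wrote, while encoding at output keeps the stored text intact and displays it literally. The function names and the sample author are hypothetical, and the encoder covers only HTML body and quoted-attribute contexts.

```javascript
// Constructed sample input: the comment text used in the post above.
const submitted = '<script>1+1</script>';

// Approach 1: sanitize on input by deleting anything that looks like a tag.
// No markup survives, but the stored comment is no longer what was typed.
function stripTags(input) {
  return input.replace(/<[^>]*>/g, '');
}

// Approach 2: store the text verbatim and encode it when it is written
// into HTML. These five characters cover element content and quoted
// attribute values; other contexts (URLs, inline script) need other encoders.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Every dynamic value is encoded at the point where it joins the markup.
function renderComment(author, body) {
  return `<div class="comment" title="Comment by ${escapeHtml(author)}">` +
         `<p>${escapeHtml(body)}</p></div>`;
}

// Approximates what a reader sees: drop the real tags, then decode entities
// the way a browser does for text content.
const DECODE = Object.fromEntries(
  Object.entries(HTML_ENTITIES).map(([ch, entity]) => [entity, ch])
);

function visibleText(html) {
  return html
    .replace(/<[^>]*>/g, '')
    .replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => DECODE[entity]);
}

// Constructed author name containing both quote characters.
const page = renderComment(`Jack "the builder" O'Neil`, submitted);

console.log('input-sanitized :', stripTags(submitted));
console.log('markup sent     :', page);
console.log('reader sees     :', visibleText(page));
```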
