doc/xss_resources.html - RealtimeRoboticsGroup/test - Gitiles

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
 <head>
   <title>Cross-Site Scripting Resources</title>

   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <link href="designstyle.css" type="text/css" rel="stylesheet">
   <style type="text/css">
   <!--
   ol.bluelist li {
     color: #3366ff;
     font-family: sans-serif;
   }
   ol.bluelist li p {
     color: #000;
     font-family: "Times Roman", times, serif;
   }
   ul.blacklist li {
     color: #000;
     font-family: "Times Roman", times, serif;
   }
   //-->
   </style>
 </head>
 <body>

 <h1> <a name="XSS_Resources"></a>Cross-Site Scripting Resources</h1>
 <center><strong>Status: Current</strong> &nbsp;
 <small>(as of 17 August 2006)</small></center>
 <br>

 <p>Cross-Site Scripting (commonly abbreviated as XSS) is a security
 issue that arises when an attacker can cause client-side script (such as
 JavaScript) of his or her choosing to execute within another user's
 browser in the context of a given web-site or web-application.  This may
 allow the attacker to steal that user's session cookies for the
 web-application in question, or otherwise manipulate that user's session
 context.

 <p>XSS vulnerabilities most often arise if a web-application renders
 data that originated from an untrusted source (such as a query
 parameter) in a HTML document without carefully validating or escaping
 that data.

 <p>The following online resources provide further information on XSS
 vulnerabilities and how to avoid them:

 <ul>
   <li>The Open Web Application Security Project (OWASP) has an
   <a
     href="http://www.owasp.org/index.php/Cross_Site_Scripting">introductory
     article</a> on XSS.
   </li>

   <li>In addition, the OWASP's <a
     href="http://www.owasp.org/index.php/Category:OWASP_Guide_Project">Guide to Building Secure Web
     Applications and Web Services</a> and the <a
     href="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">"Top
     Ten" Vulnerabilities</a> include sections on XSS.
   </li>

   <li>The CERT Coordination Center published <a
     href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">Understanding
     Malicious Content Mitigation for Web Developers</a> and <a
     href="http://www.cert.org/advisories/CA-2000-02.html">Advisory
     CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests</a>.

   </li>
 </ul>
 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	<html>
	<head>
	<title>Cross-Site Scripting Resources</title>

	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<link href="designstyle.css" type="text/css" rel="stylesheet">
	<style type="text/css">
	<!--
	ol.bluelist li {
	color: #3366ff;
	font-family: sans-serif;
	}
	ol.bluelist li p {
	color: #000;
	font-family: "Times Roman", times, serif;
	}
	ul.blacklist li {
	color: #000;
	font-family: "Times Roman", times, serif;
	}
	//-->
	</style>
	</head>
	<body>

	<h1> <a name="XSS_Resources"></a>Cross-Site Scripting Resources</h1>
	<center><strong>Status: Current</strong>
	<small>(as of 17 August 2006)</small></center>
	<br>

	<p>Cross-Site Scripting (commonly abbreviated as XSS) is a security
	issue that arises when an attacker can cause client-side script (such as
	JavaScript) of his or her choosing to execute within another user's
	browser in the context of a given web-site or web-application. This may
	allow the attacker to steal that user's session cookies for the
	web-application in question, or otherwise manipulate that user's session
	context.

	<p>XSS vulnerabilities most often arise if a web-application renders
	data that originated from an untrusted source (such as a query
	parameter) in a HTML document without carefully validating or escaping
	that data.

	<p>The following online resources provide further information on XSS
	vulnerabilities and how to avoid them:

	<ul>
	<li>The Open Web Application Security Project (OWASP) has an
	<a
	href="http://www.owasp.org/index.php/Cross_Site_Scripting">introductory
	article</a> on XSS.
	</li>

	<li>In addition, the OWASP's <a
	href="http://www.owasp.org/index.php/Category:OWASP_Guide_Project">Guide to Building Secure Web
	Applications and Web Services</a> and the <a
	href="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">"Top
	Ten" Vulnerabilities</a> include sections on XSS.
	</li>

	<li>The CERT Coordination Center published <a
	href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">Understanding
	Malicious Content Mitigation for Web Developers</a> and <a
	href="http://www.cert.org/advisories/CA-2000-02.html">Advisory
	CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests</a>.

	</li>
	</ul>
	</body>
	</html>