Cross Site Scripting
In some of my earlier posts we have seen that JavaScript vulnerabilities could cause havoc, particularly if JavaScript in one application opened in a browser window is able to access the data of an application opened up in another browser window. That was one type of vulnerability and there were more that were formed as a security policy by Netscape when it introduced JavaScript on its browser. These policies to avoid such vulnerabilities were coined with the name Cross Site Scripting (CSS, usually confused with Cascading Style Sheets). The types of CSS and explanation of each of them is available on the wikipedia. Fortunately a lot of these policies are implemented in the browsers so we do not need to do anything from the application side. A little old but a worth reading whitepaper “Cross Site Scripting Explained” has explained CSS in a neat way and how to check if your site is protected from it.
