The Active Network

  Writing Secure Code: Preventing Cross-Site Scripting
Time: 11:40 EST/16:40 GMT | News Source: Microsoft | Posted By: Chad Myers

Late last year, a vulnerability was discovered in a Web page in the passport.com domain that had a very subtle flaw similar to the example above. By sending a Hotmail® recipient a specially crafted e-mail, the attacker could cause script to execute in the passport.com domain because Hotmail is in the hotmail.passport.com domain. And this means the code could access the cookies generated by the Passport service used to authenticate the client. When the attacker replays those cookies (remember, a cookie is just a header in the HTTP request), he can spoof you and access data that only you could access. Not a good thing!

About three years ago, no one had heard of cross-site scripting (XSS) issues, but now I think it's safe to say we hear of at least one or two issues per day on the Web. So what's the problem and why are they serious? The problem is two-fold:

  • Trusting input from an external, untrusted entity, such as a user
  • Displaying said input as output

This is bad because a malicious user could access another's important data, such as their cookies.
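The two-part problem above, shown as an added example that is not part of the original article: a page fragment that displays untrusted input unchanged, next to one that HTML-encodes it at output time, plus a session cookie marked `HttpOnly` so page script cannot read it. The function names and the sample input are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not from the article.

// The five characters that let text break out of element content or a
// quoted attribute value, mapped to their HTML entities.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode untrusted text so the browser renders it as text, not markup.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: trusts the input and displays it as output unchanged.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Corrected form: the same template, with the value encoded on output.
function renderGreetingSafe(name) {
  return `<p>Hello, ${encodeHtml(name)}!</p>`;
}

// Defence in depth for the cookie-theft impact: HttpOnly keeps the cookie
// out of document.cookie, Secure restricts it to HTTPS.
function sessionCookie(token) {
  return `session=${encodeURIComponent(token)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Simple check a test suite can run: did any script tag survive rendering?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input standing in for attacker-supplied text.
const SAMPLE_INPUT = '<script>alert(document.cookie)</script>';

console.log('unsafe:', renderGreetingUnsafe(SAMPLE_INPUT));
console.log('safe:  ', renderGreetingSafe(SAMPLE_INPUT));
console.log('cookie:', sessionCookie('constructed-token'));
```

Encoding belongs at the point of output and must match the context: this encoder covers HTML element content and quoted attribute values, not script blocks or URLs.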
