Web Security by Hanqing Wu, Liz Zhao

Chapter 3

Cross-Site Scripting Attack

Cross-site scripting (XSS) is the worst enemy of client-side script security. The Open Web Application Security Project (OWASP) Top 10 repeatedly puts XSS at the top of its list. This chapter discusses the principles of the XSS attack and how to defend against it properly.

3.1 Introduction

Cross-site scripting was originally abbreviated as CSS, but to distinguish it from Cascading Style Sheets (CSS), it was renamed XSS in the security field.

An XSS attack usually refers to hackers tampering with a web page through HTML injection, inserting malicious scripts that control the user’s web browser when the user browses the page. In the beginning, the demonstration cases of the attack were cross-domain, so it is called cross-site scripting ...
