XSS Cross-Site Scripting
How can an attack be caused?
For example, there is a public page where all users can access and save the content. If you enter <SCRIPT> alert ('I am hacker') </SCRIPT>. because this script is saved to the data, when someone else sees this content, the browser will pop up with an "I am hacker". Similarly, this script can send users' cookies to other websites, which can steal users' confidential information. XSS attacks refer to attacks on browser user information.
Two methods to prevent attacks:
1. When saving user input data, encode the input content. <SCRIPT> it becomes & lt; script & gt;
This is a poor solution. When the encoded data is displayed in a non-browser, it will be unfriendly.
2. encode the content during display. In this way, the script will not be executed.
For example, the C # encoding method is server. htmlencode ("<SCRIPT> alert ('I am hacker') </SCRIPT> ")
A simple explanation of XSS attacks