search
HomeOperation and MaintenanceSafetyWhat is a cross-site scripting attack?

What is a cross-site scripting attack?

Jun 28, 2020 pm 04:34 PM
Cross-site scripting attack

Cross-site scripting attack, also known as XSS, refers to the use of website vulnerabilities to maliciously steal information from users. Cross-site scripting attacks are divided into three categories: 1. Persistent cross-site; 2. Non-persistent cross-site; 3. DOM cross-site. Among them, persistent cross-site is the most direct type of harm.

What is a cross-site scripting attack?

Definition:

Cross-site scripting attack (also known as XSS) refers to the use of website vulnerabilities to maliciously steal information from users.

Type:

(1) Persistent cross-site: The most direct type of harm, the cross-site code is stored in the server (database).

(2) Non-persistent cross-site: Reflected cross-site scripting vulnerability, the most common type. User accesses the server-cross-site link-returns cross-site code.

(3) DOM cross-site (DOM XSS): DOM (document object model document object model), security issues caused by client script processing logic.

Introduction to defense rules:

1. Do not insert untrusted data in allowed locations;

2. Decode HTML before inserting untrusted data into HTML element content;

3. Perform attribute decoding before inserting untrusted data into common HTML attributes;

4. Perform JavaScript decoding before inserting untrusted data into HTML JavaScript Data Values;

5. Perform CSS decoding before inserting untrusted data into the HTML style attribute value;

6. Perform URL decoding before inserting untrusted data into the HTML URL attribute;

If you If you want to know more about related issues, you can visit php中文网.

The above is the detailed content of What is a cross-site scripting attack?. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Chat Commands and How to Use Them
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor