What is the countermeasure against XSS scripting?

Consider the following code:

URL:http://www.xsecurity.com/search.pl?text=<script>alert(document.cookie)</script>

If an attacker can trick a victim into clicking a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the user's current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A.
Disable Javascript in IE and Firefox browsers

B.
Connect to the server using HTTPS protocol instead of HTTP

C.
Create an IP access list and restrict connections based on port number

D.
Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts

Explanation:
The correct answer contains a string which is an HTML-quoted version of the original script. The quoted versions of these characters will appear as literals in a browser, rather than with their special meaning as HTML tags. This prevents any script from being injected into HTML output, but it also prevents any user-supplied input from being formatted with benign HTML.
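The following Python snippet is an added illustration of answer D and is not code from the page (the page's search.pl is presumably Perl; the rendering functions, the `SAMPLE_PAYLOAD` string and the `&`/quote handling are assumptions of this example). It shows the 'before' rendering, where the query string from the URL above is spliced into the page unchanged, beside the 'after' rendering, where the same input is entity-encoded so the browser displays it as text. It goes slightly beyond the answer choice by also encoding `&` and both quote characters, which is the usual rule when output lands inside an HTML attribute rather than only between tags.

```python
import html

# Constructed sample input: the user-controlled "text" parameter from the page's example URL.
SAMPLE_PAYLOAD = "<script>alert(document.cookie)</script>"


def escape_html(text: str) -> str:
    """Entity-encode the HTML metacharacters so user input renders as literal text.

    '&' must be replaced first; otherwise the '&' introduced by the later
    replacements would itself be re-encoded (e.g. '&lt;' -> '&amp;lt;').
    """
    return (
        text.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace('"', "&quot;")
            .replace("'", "&#x27;")
    )


def render_vulnerable(query: str) -> str:
    # 'Before': the raw value becomes part of the markup, so a <script> tag in it executes.
    return f"<p>Results for: {query}</p>"


def render_hardened(query: str) -> str:
    # 'After': the encoded value is inert text; the browser never sees a tag.
    return f"<p>Results for: {escape_html(query)}</p>"


def matches_stdlib(text: str) -> bool:
    # Sanity check: the hand-written encoder agrees with Python's html.escape(quote=True).
    return escape_html(text) == html.escape(text, quote=True)


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_PAYLOAD))
    print("hardened:  ", render_hardened(SAMPLE_PAYLOAD))
```

As the explanation notes, this encoding is all-or-nothing: any `<b>` or `<a>` a user typed in good faith is displayed literally too. Applications that need to allow a subset of markup use an HTML sanitizer with an element allowlist instead, but for a plain search echo like this one, full encoding at output time is the right countermeasure.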




mr_tienvu

I have the same idea.

Luba Kaffka

What's happening? I am new to this, I stumbled upon this and I've discovered it absolutely useful and it has helped me out loads. I am hoping to contribute & assist other users like it's aided me. Great job.

http://www.bastcilkdoptb.com/