Tuesday, June 23, 2009

Cross-Site Scripting (XSS)

Today I came across a question: "what is most important when trying to prevent a cross-site scripting attack?"

The answer is fairly intuitive. The most important rule for preventing cross-site scripting is "never trust user input". Not far behind comes "escape output".
These are general server-side programming rules; they are not tied to any specific language such as PHP.
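To show the two rules side by side, here is an added Python example that is not code from the original post: it renders a small profile link, first by reflecting user input straight into the markup (the XSS bug), then with an allow-list check on the input and context-specific escaping on the output. The function names, the username policy and the sample markup are my own assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Rule 1: "never trust user input". An allow-list for usernames is one way to
# apply it; the pattern below is a constructed example policy, not the post's.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

def validate_username(raw):
    """Return the username unchanged if it matches the allow-list, else None."""
    return raw if USERNAME_RE.fullmatch(raw) else None

def validate_http_url(raw):
    """Accept only absolute http(s) URLs for use in an href attribute.

    Escaping neutralises markup characters but cannot make a non-http scheme
    safe inside href, so the scheme itself has to be checked.
    """
    candidate = raw.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return candidate
    return None

# Rule 2: "escape output", and escape for the context the data lands in.
# Element text needs the three markup characters neutralised.
_TEXT_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}
# Attribute values additionally need both quote characters neutralised
# (this is what html.escape(s, quote=True) in the standard library does).
_ATTR_ESCAPES = {**_TEXT_ESCAPES, '"': "&quot;", "'": "&#x27;"}

def escape_html_text(s):
    """Escape a string for placement between HTML tags."""
    return "".join(_TEXT_ESCAPES.get(ch, ch) for ch in s)

def escape_html_attr(s):
    """Escape a string for placement inside a double- or single-quoted attribute."""
    return "".join(_ATTR_ESCAPES.get(ch, ch) for ch in s)

def render_profile_unsafe(display_name, home_url):
    """The bug: user-controlled values are interpolated into HTML verbatim."""
    return f'<a href="{home_url}">{display_name}</a>'

def render_profile_safe(display_name, home_url):
    """Validated input plus per-context escaping of every interpolated value."""
    url = validate_http_url(home_url) or "#"   # fall back to a harmless link
    return f'<a href="{escape_html_attr(url)}">{escape_html_text(display_name)}</a>'

if __name__ == "__main__":
    # Constructed sample input: a display name that contains markup.
    name, url = "<b>Alice</b> & Co", "https://example.com/alice"
    print(render_profile_unsafe(name, url))   # markup is rendered by the browser
    print(render_profile_safe(name, url))     # markup is shown as literal text
```

The point a practitioner should take from this is that "escape output" is context dependent: the same value needs different treatment between tags, inside an attribute, and as a URL, and escaping alone does not replace validation of the URL's scheme.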
