Prevent XSS (Cross-Site Scripting) Attacks

Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. Attackers often inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (read below for further details) in order to gather data from them.

Persistent Attack Example
<script>document.location='http://www.google.com/'</script>

Non-Persistent Attack Example
http://portal.example/index.php?sessionid=12312312&username=<script>document.location='http://google.com'</script>

DOM-based Attack Example
http://www.vulnerable.site/welcome.html?name=<script>alert(document.cookie)</script>

[…]
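Added example (not from the original page): HTML-encoding the username and name parameters taken from the non-persistent and DOM-based sample URLs above before they are written into a page, so the injected <script> is displayed as text instead of being parsed as markup. The function names and the welcome-page markup are assumptions made for illustration.

```javascript
// The two sample URLs from the page, used as test input.
const SAMPLES = [
  { url: "http://portal.example/index.php?sessionid=12312312&username=<script>document.location='http://google.com'</script>", param: "username" },
  { url: "http://www.vulnerable.site/welcome.html?name=<script>alert(document.cookie)</script>", param: "name" },
];

// Characters that can open a tag, an entity or an attribute value in HTML.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for insertion into HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read one query parameter the way a server or page script would receive it.
function queryParam(url, name) {
  return new URL(url).searchParams.get(name) ?? "";
}

// Hypothetical welcome fragment: the weak form concatenates the raw value.
function renderUnsafe(name) {
  return "<p>Welcome, " + name + "</p>";
}

// Hardened form: the value is encoded at the point of output.
// In a browser, assigning to element.textContent gives the same result for
// the DOM-based case without building an HTML string at all.
function renderSafe(name) {
  return "<p>Welcome, " + escapeHtml(name) + "</p>";
}

// Render both samples both ways and record whether a live <script> tag survives.
function compareSamples() {
  return SAMPLES.map(({ url, param }) => {
    const value = queryParam(url, param);
    const unsafe = renderUnsafe(value);
    const safe = renderSafe(value);
    return { param, unsafe, safe,
             unsafeHasScriptTag: /<script\b/i.test(unsafe),
             safeHasScriptTag: /<script\b/i.test(safe) };
  });
}

for (const r of compareSamples()) {
  console.log(r.param, "| unsafe:", r.unsafe, "| safe:", r.safe);
}
```

The encoding shown is for HTML element content and quoted attributes; values placed inside a script block, a URL or a style need the encoding for that context instead.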