Cross-site scripting (XSS) is a common vulnerability found in web applications. The way it works is pretty easy to grasp. A website will take a text input – this could be anything from a post on a guestbook, to a Facebook update. The user will then pass the website a payload written in HTML and JavaScript that introduces some kind of undesired behavior. This could be benign, like an alert that says something like “Hello World”. Or it might not be. It could redirect the user to a phishing website, or a page loaded with malware. The web application then fails…

This story continues at The Next Web
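
To make the guestbook scenario above concrete, here is an added example (not code from the original article) that renders posts with and without output encoding and audits both renderers against constructed sample posts. The excerpt stops before saying what the application fails to do, so the example assumes the usual case of user text placed into HTML unescaped; all function names and sample data are hypothetical.

```javascript
// Added example: a guestbook renderer, unsafe vs. escaped. All names are hypothetical.

// Characters that change meaning in HTML element content and quoted attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable (assumed failure mode): user text is concatenated into markup
// as-is, so any tags inside it become part of the page.
function renderPostUnsafe(post) {
  return `<li><b>${post.author}</b>: ${post.message}</li>`;
}

// Hardened: every user-controlled field is encoded for the HTML context
// at the moment it is written into the page.
function renderPostSafe(post) {
  return `<li><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.message)}</li>`;
}

// Regression check for a test suite: after removing the template's own
// <li>/<b> tags, is there anything left that a browser would parse as a tag?
function containsInjectedMarkup(html) {
  const withoutTemplate = html.replace(/<\/?(li|b)>/g, "");
  return /<[a-zA-Z\/!]/.test(withoutTemplate);
}

// Constructed sample posts; the second uses the benign alert from the text.
const SAMPLE_POSTS = [
  { author: "alice", message: "Great site, thanks!" },
  { author: "mallory", message: '<script>alert("Hello World")</script>' },
  { author: "bob", message: "Use 1 < 2 && 3 > 2 in your tests" },
];

// Returns the authors whose posts came out of `render` as live markup.
function auditRenderer(render) {
  return SAMPLE_POSTS.filter((p) => containsInjectedMarkup(render(p))).map((p) => p.author);
}

console.log("unsafe renderer passes markup for:", auditRenderer(renderPostUnsafe));
console.log("safe renderer passes markup for:", auditRenderer(renderPostSafe));
```

Escaping at output time keeps legitimate text such as `1 < 2` readable while the script tag is displayed as text instead of being executed.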