GoDaddy Help

Cross-Site Scripting

Cross-site scripting (XSS) vulnerabilities let visitor-provided input, such as text in a search or form, influence how a website functions or displays for another visitor.

Attackers use XSS to exploit the trust between visitors and websites by entering text, usually browser-executable scripts such as JavaScript®, Adobe® Flash, or HTML, to perform a variety of malicious acts. Typical attacks access other visitors' session data or cookies, bypass log-in requirements, or redirect visitors to another malicious site.

For example, a blog site lets visitors comment on posts. The site doesn't check that the content is valid, and it displays comments without sanitizing them.

Attackers can add comments with malicious links containing scripts that let them take over another user's session on the site.

You can prevent XSS flaws on your website by keeping visitor-provided information separate from the rest of your content. A "whitelist" can help validate acceptable input, but it might not be effective if your forms allow special characters.
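The blog-comment scenario above, as an added example that is not code from GoDaddy: it shows a renderer that mixes visitor text into the page markup, the same renderer with the text encoded at output time, and an allowlist check that rejects a legitimate comment because it contains special characters. All function names and sample comments are constructed for illustration.

```javascript
// Characters that change meaning inside HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode visitor text so the browser displays it instead of interpreting it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": visitor text is concatenated straight into the page markup,
// so any tags in the comment become part of the page for other visitors.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// "After": every visitor-provided value is encoded where it is written out,
// which keeps it separate from the site's own markup.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Allowlist validation: accept only letters, digits, spaces and basic punctuation.
function passesAllowlist(text) {
  return /^[A-Za-z0-9 .,!?-]*$/.test(text);
}

// Constructed sample comments (not taken from any real site).
const samples = [
  'Great post, thanks!',
  'Is 3 < 5 & "quoted" text OK?', // legitimate, but uses special characters
  '<script>alert(1)</script>',    // markup submitted as a comment
];

// Run each sample through the allowlist and the encoding renderer.
function demo() {
  return samples.map((body) => ({
    body,
    allowlisted: passesAllowlist(body),
    safeHtml: renderCommentSafe('visitor', body),
  }));
}

for (const row of demo()) console.log(row);
```

The second sample is why an allowlist alone falls short when a form must accept special characters: the check has to either reject ordinary comments or be loosened, while output encoding handles all three samples.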

You can check your website for XSS and other common vulnerabilities with a daily vulnerability scanner, such as SiteLock.

To learn more about XSS, see Cross-site Scripting (XSS) at the Open Web Application Security Project's site.
