9.20

XSS attacks:

  1. What is an XSS attack?

  2. How can the referer field be used to detect some XSS attacks?


  1. What is an XSS attack?

Cross-site scripting (XSS) is a type of security vulnerability, seen on some websites that allows users to enter text, such as comment or name, and then stores it and later displays it to other users. In such an attack, a malicious user enters code written in a client-side scripting language such as JavaScript or Flash instead of entering a valid name or comment. When a different user views the entered text, the browser executes the script, which can carry out actions as sending private cookie information back to the malicious user or even executing an action on a different web server that the user may be logged into.

  1. How can the referer field be used to detect some XSS attacks?

The referer of a page access, is the URL of the page that had the link that user clicked on to initiate the page access. By checking that the referer is valid, for example, that the referer URL is a page on the same website, XSS attacks that originated on a different web page accessed by the user can be prevented.