Cross-site scripting

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by The Anome (talk | contribs) at 11:12, 6 June 2003 (a definition). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Cross site scripting (sometimes abbreviated XSS) is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is trusted. From the trusted context, an attack can be launched.

A classic example of cross site scripting is to supply parameters to a CGI script on a web site that cause the web site to emit bogus data. For example, fragments of an HTML client-side scripting language supplied in a web page parameter may be inserted into the rendered page, resulting in targeted web browsers executing the code.

Alternatively, fragments of server-side scripting language may be executed by the web server itself.
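
The CGI parameter case described above, as an added example that is not part of the original article: a handler that echoes a query parameter into its page verbatim, beside the same handler with HTML escaping, and a parser check showing whether a browser would see a script element. The page template, the parameter name `q` and the sample query string are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed page template and sample input (not from the article).
PAGE = "<html><body><p>Results for: {term}</p></body></html>"
SAMPLE_QS = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def _param(query_string: str) -> str:
    """Return the URL-decoded 'q' parameter, or '' when it is absent."""
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Inserts the untrusted parameter into the trusted page unchanged."""
    return PAGE.format(term=_param(query_string))


def render_escaped(query_string: str) -> str:
    """Escapes <, >, & and quotes so the parameter stays inert text.
    This covers HTML text and quoted-attribute contexts only."""
    return PAGE.format(term=html.escape(_param(query_string), quote=True))


class _TagCollector(HTMLParser):
    """Records each start tag an HTML parser recognises in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_seen(page: str) -> list:
    """List the elements a parser (and so a browser) would create."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, tags_seen(render(SAMPLE_QS)))
```
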