Cross-Site Scripting, or XSS, is and will remain a major pain for anyone trying to create a secure web application for their end-users. Cross-site scripting attacks occur when an attacker can squeeze nasty code into your web application through any input field or functionality where a user's input is reflected in the source code of your application. The primary issue usually comes down to sanitizing user input; in other words, it is essential to check the data going into the web application and also where it shows up or how it is handled in the output from the site. Easier said than done!

A basic concept

Let's say you post a comment online like Hello World (a cliché example). The web application will then show the text for everyone to see. If this web application were vulnerable to a cross-site scripting attack, then we could inject code into the application! If an attacker can inject code similar to this on your site, they can do all kinds of malicious activity!...
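The comment scenario above, as an added example that is not code from the original post: a comment renderer that concatenates user input into markup, next to one that encodes it at output time. The function names, the 500-character limit and the sample comments are assumptions constructed for illustration.

```javascript
// Added example (constructed, not from the original page): comment rendering
// without and with output encoding. All names and the length limit are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure in element
// content or in a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input check: rejects empty or oversized comments. It does not make the
// text safe to embed in HTML; that is the job of output encoding.
function validateComment(text) {
  if (typeof text !== 'string' || text.trim() === '') return { ok: false, reason: 'empty' };
  if (text.length > 500) return { ok: false, reason: 'too long' };
  return { ok: true, reason: null };
}

// Vulnerable: user input is concatenated straight into the page markup.
function renderCommentUnsafe(author, text) {
  return '<div class="comment"><b>' + author + '</b>: ' + text + '</div>';
}

// Hardened: every user-controlled value is encoded where it is written out.
function renderCommentSafe(author, text) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(text) + '</div>';
}

// True when the rendered HTML contains any tag beyond the template's own four.
function introducesMarkup(rendered) {
  const tags = rendered.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  const expected = ['<div class="comment">', '<b>', '</b>', '</div>'];
  return tags.length !== expected.length || tags.some((t, i) => t !== expected[i]);
}

// Constructed sample comments: plain text, and text that carries its own tags.
const SAMPLES = ['Hello World', '<script>/* constructed sample */</script>'];
for (const text of SAMPLES) {
  console.log(JSON.stringify({
    accepted: validateComment(text).ok,
    unsafeAddsMarkup: introducesMarkup(renderCommentUnsafe('alice', text)),
    safeAddsMarkup: introducesMarkup(renderCommentSafe('alice', text)),
  }));
}
```

The second sample passes the input check yet still changes the page structure in the unsafe renderer, which is why the output side has to be handled as well.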