Cross-site scripting attack, also known as XSS, refers to the use of website vulnerabilities to maliciously steal information from users. Cross-site scripting attacks are divided into three categories: 1. Persistent cross-site; 2. Non-persistent cross-site; 3. DOM cross-site. Among them, persistent cross-site is the most direct type of harm.
Definition:
Cross-site scripting attack (also known as XSS) refers to the use of website vulnerabilities to maliciously steal information from users.
Type:
(1) Persistent cross-site: The most direct type of harm, the cross-site code is stored in the server (database).
(2) Non-persistent cross-site: Reflected cross-site scripting vulnerability, the most common type. User accesses the server-cross-site link-returns cross-site code.
(3) DOM cross-site (DOM XSS): DOM (document object model document object model), security issues caused by client script processing logic.
Introduction to defense rules:
1. Do not insert untrusted data in allowed locations;
2. Decode HTML before inserting untrusted data into HTML element content;
3. Perform attribute decoding before inserting untrusted data into common HTML attributes;
4. Perform JavaScript decoding before inserting untrusted data into HTML JavaScript Data Values;
5. Perform CSS decoding before inserting untrusted data into the HTML style attribute value;
6. Perform URL decoding before inserting untrusted data into the HTML URL attribute;
If you If you want to know more about related issues, you can visitphp中文网.
The above is the detailed content of What is a cross-site scripting attack?. For more information, please follow other related articles on the PHP Chinese website!