Preventing Cross-site Scripting Attacks
In Your Web Applications
by Paul Lindner
February 20, 2002
The cross-site scripting attack is one of the most common, yet overlooked, security
problems facing web developers today. A web site is vulnerable if it displays user-
submitted content without checking for malicious script tags.
Luckily, Perl and mod_perl provide us with easy solutions to this problem. We highlight
these built-in solutions and also introduce a new mod_perl module:
Apache::TaintRequest. This module helps you secure mod_perl applications by applying
Perl's powerful tainting rules to HTML output.
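A minimal sketch of what applying taint rules to HTML output means, added here as an example; it is not the code of Apache::TaintRequest or of the article's author. The `render` and `escape_html` helpers and the sample input are hypothetical, and the script must be run with `perl -T`.

```perl
# Added illustration; not Apache::TaintRequest's code. Run as: perl -T demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

# Replace the five HTML metacharacters with their entities.
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Hypothetical output wrapper: fragments that are still tainted are escaped,
# fragments the program wrote itself or has validated pass unchanged.
sub render {
    return join '', map { tainted($_) ? escape_html($_) : $_ } @_;
}

# Constructed sample input. A zero-length slice of $^X is tainted, so
# appending it marks these literals the way real form data would be marked.
my $taint   = substr($^X, 0, 0);
my $comment = '<script>alert(1)</script>' . $taint;
my $page    = '42' . $taint;

# Before: user content interpolated straight into the page.
my $unsafe = "<p>$comment</p>\n";

# After: markup and data are kept as separate fragments.
my $safe = render('<p>', $comment, "</p>\n");

# A value validated with a capturing regex is untainted and passes as-is.
my ($page_ok) = $page =~ /\A(\d{1,4})\z/
    or die "bad page number\n";
my $link = render('<a href="?page=', $page_ok, '">next</a>', "\n");

print "unsafe: $unsafe";
print "safe:   $safe";
print "link:   $link";
```

The wrapper only helps when markup and data reach it as separate fragments; once tainted input has been interpolated into a larger string, the whole string is tainted and would be escaped together with its markup.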
What is Cross-Site Scripting?
Lately the news has been full of reports on web site security lapses. Some recent
headlines include the following grim items: Security problems open Microsoft's Wallet,
Schwab financial site vulnerable to attack, or New hack poses threat to popular Web
services. In all these cases the root problem was caused by a Cross-Site Scripti