Regular expression for validating name in asp net
HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.
Because HTML documents have a flat, serial structure that mixes control statements, formatting, and the actual content, any non-validated user-supplied data included in the resulting page without proper HTML encoding, may lead to markup injection.
To do so, she writes a script designed to run from other people's browsers when they visit her profile.
The script then sends a quick message to her own server, which collects this information.
Microsoft security-engineers introduced the term "cross-site scripting" in January 2000.
The expression "cross-site scripting" originally referred to the act of loading the attacked, third-party web application from an unrelated attack-site, in a manner that executes a fragment of Java Script prepared by the attacker in the security context of the targeted domain (taking advantage of a reflected or non-persistent XSS vulnerability).
A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
For example, suppose there is a dating website where members scan the profiles of other members to see if they look interesting.
The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector.Although widely recommended, performing HTML entity encoding only on the five XML significant characters is not always sufficient to prevent many forms of XSS attacks.As encoding is often difficult, security encoding libraries are usually easier to use.) will not suffice since the user input needs to be rendered as HTML by the browser (so it shows as "very large", instead of "very large").This essentially states that if content from one site (such as https://mybank.example1.com) is granted permission to access resources on a system, then any content from that site will share these permissions, while content from another site (https://othersite.example2.com) will have to be granted permissions separately.
Cross-site scripting attacks use known vulnerabilities in web-based applications, their servers, or the plug-in systems on which they rely.
A classic example of a potential vector is a site search engine: if one searches for a string, the search string will typically be redisplayed verbatim on the result page to indicate what was searched for.