Unfortunately the URL I posted earlier regarding cross-site scripting appears to be little more than an advertisement, as the bottom continues on to this page about preventing CSS/XSS attacks, which is at best misleading, and at worst simply... well it's stupidly incorrect in at least one place:
http://www.imperva.com/application_defense_center/glossary/attack_prevention/cross_site_scripting.html

I quote "For example, the outbound HTTP stream contains legitimate instances of cross-site scripting (client side scripts)."

... Now... when simply serving an html page with script tags in it from a single domain became "cross-site scripting" is beyond me, especially since the name "cross-site scripting" implies that there must be more than one _site_ involved which is not the case when you use js libraries in your own code.
