I've been doing a bit of reading, and I can't really understand why XSS
is such an issue. Sure, if a user can insert a <script> tag, what
difference will that make to anyone else, as it is only on their own
1. User 1 logs on to the application. Fills up the form with malicious JS code in it. The server accepts the input, is stored in the database. 2. User 2 logs on to the application. Goes to the view the information stored in the database. The JS gets executed on user 2's browser. User is attacked by XSS.

I hope that clarifies the question.


With warm regards,
Sudheer. S
Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net, 
Personal: http://sudheer.net

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to