I've been doing a bit of reading, and I can't really understand why XSS
is such an issue. Sure, if a user can insert a <script> tag, what
difference will that make to anyone else, as it is only on their own
browser?

1. User 1 logs on to the application and fills in the form with malicious JS code in it. The server accepts the input, and it is stored in the database.
2. User 2 logs on to the application and goes to view the information stored in the database. The JS gets executed on user 2's browser. The user is attacked by XSS.

I hope that clarifies the question.


--

With warm regards,
Sudheer. S
Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net, 
Personal: http://sudheer.net


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
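
The two steps described in the reply above, as an added PHP example that is not part of the original thread: one user's input is stored, then rendered into another user's page, first unescaped and then escaped with htmlspecialchars(). The in-memory SQLite table, the function names and the sample comment are assumptions constructed for illustration.

```php
<?php
// Added example: table, function names and sample input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Step 1: user 1 submits the form and the server stores the input as-is.
// The prepared statement prevents SQL injection but does nothing about XSS:
// the markup reaches the database byte for byte.
function save_comment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

// Step 2, vulnerable: stored text is concatenated into the page unescaped,
// so user 2's browser parses it as markup and runs any script in it.
function render_unsafe(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments') as $row) {
        $html .= '<li><b>' . $row['author'] . '</b>: ' . $row['body'] . "</li>\n";
    }
    return $html;
}

// Escape for the HTML body/attribute context at output time.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 2, fixed: every stored value is escaped before it is written out,
// so the browser displays the text instead of executing it.
function render_safe(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments') as $row) {
        $html .= '<li><b>' . e($row['author']) . '</b>: ' . e($row['body']) . "</li>\n";
    }
    return $html;
}

// Constructed sample: what user 1 typed into the form.
save_comment($db, 'user1', '<script>alert(document.domain)</script>');

echo "Unescaped output sent to user 2:\n", render_unsafe($db);
echo "Escaped output sent to user 2:\n", render_safe($db);
```

The script runs in user 2's browser under the application's origin, with user 2's session, which is why the stored input affects someone other than the person who typed it.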
