Cross site scripting (XSS) is when criminal hackers use weakness's in a website application to inject malicious code into that website which causes the website to behave in a way it was not designed to do.

The website weakness which allows this to happen is mainly to do with input data that has not been validated properly.

Cross site scripting is usually accomplished using JavaScript due to the fact that most browsers heavily rely on JavaScript to function.

Cross Site Scripting attacks occur when data enters a website through an entrusted web request. The data is sent to the web user without being validated first.

The malicious content sent to the browser is most likely JavaScript but can also be HTML or Flash.

The common end result is that the hackers will put Malware onto the website which will infect the users computers who visit that website. Google will eventually black list your website which is not good for a company's reputation or search engine rankings.

When designing your website, you must always validate any inputted data which will strip out any harmful inputs and protect your site. You should also consider making your whole site https so that all page to page exchanges are encrypted.

If you have any questions about cross site scripting please contact us at the Computer Geek.