http://ask.metafilter.com/tags/cross-site Questions tagged with 'cross-site' at Ask MetaFilter. Tue, 22 May 2007 18:01:03 -0800 Tue, 22 May 2007 18:01:03 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/63202/KrisKross%2DSite%2DScripting Help explain how a hacker could perform a XSS exploit. This <a href='http://ez.no/community/articles/dangers_of_csrf_and_xss/xss_attacks'>article</a> explains how a bad-guy could send a malicious query through an unvalidated searchbox and essentially modify the html on the search results page. What I don't understand is how the hacker could have this malicious code display on a page that I am browsing. Except for unvalidated forum posts, how can a hacker inject malicious code into a webpage. If I ensure that my forum posts don't allow HTML and I am not loading external js files, what do I have to worry about? tag:ask.metafilter.com,2007:site.63202 Tue, 22 May 2007 18:01:03 -0800 cross-site csrf css scripting kaizen