Cross-site scripting (English Wikipedia)

"A page should work, even if in a degraded form, without JavaScript." in Zammetti, Frank (April 16, 2007). Practical JavaScript, DOM Scripting and Ajax Projects via Amazon Reader. Apress. p. 36. ISBN 978-1-59059-816-0. Retrieved June 4, 2008.

angularjs.org

docs.angularjs.org

"Strict Contextual Escaping". Angular.js.

archive.org

Paco, Hope; Walther, Ben (2008). Web Security Testing Cookbook. Sebastopol, CA: O'Reilly Media, Inc. p. 128. ISBN 978-0-596-51483-9.

bbc.co.uk

news.bbc.co.uk

73% of sites relied on JavaScript in late 2006, in "'Most websites' failing disabled". BBC News. December 6, 2006. Retrieved June 4, 2008.

bindshell.net

Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link‍]}

books.google.com

Grossman, Jeremiah; Hansen, Robert; Fogie, Seth; Petkov, Petko D.; Rager, Anton (2007). XSS Attacks: Cross Site Scripting Exploits and Defense (Abstract). Syngress. pp. 70, 156. ISBN 978-1-59749-154-9. Retrieved May 28, 2008.

caniuse.com

"Can I use... Support tables for HTML5, CSS3, etc". caniuse.com. Retrieved May 1, 2019.
"Can I use... Support tables for HTML5, CSS3, etc". caniuse.com. Retrieved May 4, 2018.

csoonline.com

Berinato, Scott (January 1, 2007). "Software Vulnerability Disclosure: The Chilling Effect". CSO. CXO Media. p. 7. Archived from the original on April 18, 2008. Retrieved June 7, 2008.

csp.withgoogle.com

"Strict CSP - Content Security Policy". csp.withgoogle.com. Retrieved May 1, 2019.

developers.google.com

"Google Developers". Google Developers. Retrieved May 1, 2019.

doi.org

Hydara, Isatou; Sultan, Abu Bakar Md.; Zulzalil, Hazura; Admodisastro, Novia (February 1, 2015). "Current state of research on cross-site scripting (XSS) – A systematic literature review". Information and Software Technology. 58: 170–186. doi:10.1016/j.infsof.2014.07.010.

dropbox.tech

Akhawe, Devdatta (September 21, 2015). "[CSP] On Reporting and Filtering". Dropbox. Retrieved January 1, 2024.

elsevier.com

linkinghub.elsevier.com

Hydara, Isatou; Sultan, Abu Bakar Md.; Zulzalil, Hazura; Admodisastro, Novia (February 1, 2015). "Current state of research on cross-site scripting (XSS) – A systematic literature review". Information and Software Technology. 58: 170–186. doi:10.1016/j.infsof.2014.07.010.

elsevier.com

""Using client-side events" in DataWindow Programmer's Guide". Sybase. March 2003. Archived from the original on June 18, 2008. Retrieved June 4, 2008.

eweek.com

"How Google Is Using Content Security Policy to Mitigate Web Flaws". eWEEK. April 22, 2019. Retrieved May 1, 2019.

golang.org

"template - The Go Programming Language". golang.org. Retrieved May 1, 2019.

helpnetsecurity.com

Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link‍]}

ibm.com

Sharma, Anand (February 3, 2004). "Prevent a cross-site scripting attack". IBM. Retrieved May 29, 2008.

ietf.org

tools.ietf.org

Mark, Goodwin; Mike, West (April 6, 2016). "Same-site Cookies". tools.ietf.org. Retrieved May 4, 2018.

jeremiahgrossman.blogspot.com

Grossman, Jeremiah (July 30, 2006). "The origins of Cross-Site Scripting (XSS)". Retrieved September 15, 2008.

jquery.com

bugs.jquery.com

"JQuery bug #9521". 2011.

majorgeeks.com

"Self-XSS Facebook scam attempts to trick users into hacking themselves". www.majorgeeks.com. July 29, 2014. Retrieved September 20, 2016.

microsoft.com

learn.microsoft.com

"dross" on MSDN (December 15, 2009). "Happy 10th birthday Cross-Site Scripting!". Retrieved February 9, 2023. On the 16th of January, 2000, the following names were suggested and bounced around among a small group of Microsoft security engineers: [...] The next day there was consensus – Cross Site Scripting.

support.microsoft.com

"How to use security zones in Internet Explorer". Microsoft. December 18, 2007. Retrieved June 4, 2008.

mitre.org

cwe.mitre.org

Christey, Steve; Martin, Robert A. (May 22, 2007). "Vulnerability Type Distributions in CVE (version 1.1)". MITRE Corporation. Retrieved June 7, 2008.

modsecurity.org

"ModSecurity: Features: PDF Universal XSS Protection". Breach Security. Archived from the original on March 23, 2008. Retrieved June 6, 2008.

mozilla.org

addons.mozilla.org

"NoScript". Mozilla. May 30, 2008. Retrieved June 4, 2008. and Mogull, Rich (March 18, 2008). "Should Mac Users Run Antivirus Software?". TidBITS. TidBITS Publishing. Retrieved June 4, 2008.

noscript.net

"NoScript Features". Retrieved March 7, 2009.

npmjs.com

"pug-plugin-trusted-types". npm. Retrieved May 1, 2019.

openajax.org

"Ajax and Mashup Security". OpenAjax Alliance. Archived from the original on April 3, 2008. Retrieved June 9, 2008.

opera.com

labs.opera.com

Lie, Håkon Wium (February 7, 2006). "Opera 9 Technology Preview 2". Opera Software. Archived from the original on May 17, 2008. Retrieved June 4, 2008.

oreilly.com

O'Reilly, Tim (September 30, 2005). "What Is Web 2.0". O'Reilly Media. pp. 4–5. Retrieved June 4, 2008.

owasp.org

"DOM based XSS". OWASP.
"DOM based XSS prevention cheat sheet". OWASP.
Williams, Jeff (January 19, 2009). "XSS (Cross Site Scripting) Prevention Cheat Sheet". OWASP. Archived from the original on March 18, 2017. Retrieved February 4, 2010.

cheatsheetseries.owasp.org

"Cross Site Scripting Prevention - OWASP Cheat SheetSeries". OWASP. Retrieved March 19, 2003.

techcrunch.com

"Symantec Internet Security Threat Report: Trends for July–December 2007 (Executive Summary)" (PDF). Yahoo. April 2008. pp. 1–3. Archived (PDF) from the original on June 25, 2008. Retrieved January 1, 2024.

theguardian.com

Arthur, Charles (September 21, 2010). "Twitter users including Sarah Brown hit by malicious hacker attack". The Guardian. Retrieved September 21, 2010.

theregister.co.uk

Leyden, John (May 23, 2008). "Facebook poked by XSS flaw". The Register. Retrieved May 28, 2008.

tidbits.com

db.tidbits.com

"NoScript". Mozilla. May 30, 2008. Retrieved June 4, 2008. and Mogull, Rich (March 18, 2008). "Should Mac Users Run Antivirus Software?". TidBITS. TidBITS Publishing. Retrieved June 4, 2008.

w3.org

"Same Origin Policy - Web Security. W3.org". Retrieved November 4, 2014.
"Content Security Policy Level 3". www.w3.org. Retrieved May 1, 2019.

web.archive.org

"Symantec Internet Security Threat Report: Trends for July–December 2007 (Executive Summary)" (PDF). Yahoo. April 2008. pp. 1–3. Archived (PDF) from the original on June 25, 2008. Retrieved January 1, 2024.
Berinato, Scott (January 1, 2007). "Software Vulnerability Disclosure: The Chilling Effect". CSO. CXO Media. p. 7. Archived from the original on April 18, 2008. Retrieved June 7, 2008.
Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link‍]}
Williams, Jeff (January 19, 2009). "XSS (Cross Site Scripting) Prevention Cheat Sheet". OWASP. Archived from the original on March 18, 2017. Retrieved February 4, 2010.
"ModSecurity: Features: PDF Universal XSS Protection". Breach Security. Archived from the original on March 23, 2008. Retrieved June 6, 2008.
"Ajax and Mashup Security". OpenAjax Alliance. Archived from the original on April 3, 2008. Retrieved June 9, 2008.
Lie, Håkon Wium (February 7, 2006). "Opera 9 Technology Preview 2". Opera Software. Archived from the original on May 17, 2008. Retrieved June 4, 2008.
""Using client-side events" in DataWindow Programmer's Guide". Sybase. March 2003. Archived from the original on June 18, 2008. Retrieved June 4, 2008.

webappsec.org

projects.webappsec.org

"Cross-site Scripting". Web Application Security Consortium. 2005. Retrieved May 28, 2008.

wicg.github.io

"Trusted Types Spec WIP". wicg.github.io. Retrieved May 1, 2019.