Cross-site scripting (English Wikipedia)

"A page should work, even if in a degraded form, without JavaScript." in Zammetti, Frank (April 16, 2007). Practical JavaScript, DOM Scripting and Ajax Projects via Amazon Reader. Apress. p. 36. ISBN 978-1-59059-816-0. Retrieved June 4, 2008.

angularjs.org (Global: low place; English: low place)

docs.angularjs.org

"Strict Contextual Escaping". Angular.js.

archive.org (Global: 6^th place; English: 6^th place)

Paco, Hope; Walther, Ben (2008). Web Security Testing Cookbook. Sebastopol, CA: O'Reilly Media, Inc. p. 128. ISBN 978-0-596-51483-9.

bbc.co.uk (Global: 8^th place; English: 10^th place)

news.bbc.co.uk

73% of sites relied on JavaScript in late 2006, in "'Most websites' failing disabled". BBC News. December 6, 2006. Retrieved June 4, 2008.

bindshell.net (Global: low place; English: low place)

Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link]}

books.google.com (Global: 3^rd place; English: 3^rd place)

Grossman, Jeremiah; Hansen, Robert; Fogie, Seth; Petkov, Petko D.; Rager, Anton (2007). XSS Attacks: Cross Site Scripting Exploits and Defense (Abstract). Syngress. pp. 70, 156. ISBN 978-1-59749-154-9. Retrieved May 28, 2008.

caniuse.com (Global: low place; English: low place)

"Can I use... Support tables for HTML5, CSS3, etc". caniuse.com. Retrieved May 4, 2018.

csoonline.com (Global: low place; English: low place)

Berinato, Scott (January 1, 2007). "Software Vulnerability Disclosure: The Chilling Effect". CSO. CXO Media. p. 7. Archived from the original on April 18, 2008. Retrieved June 7, 2008.

doi.org (Global: 2^nd place; English: 2^nd place)

Hydara, Isatou; Sultan, Abu Bakar Md.; Zulzalil, Hazura; Admodisastro, Novia (February 1, 2015). "Current state of research on cross-site scripting (XSS) – A systematic literature review". Information and Software Technology. 58: 170–186. doi:10.1016/j.infsof.2014.07.010.

elsevier.com (Global: 610^th place; English: 704^th place)

linkinghub.elsevier.com

Hydara, Isatou; Sultan, Abu Bakar Md.; Zulzalil, Hazura; Admodisastro, Novia (February 1, 2015). "Current state of research on cross-site scripting (XSS) – A systematic literature review". Information and Software Technology. 58: 170–186. doi:10.1016/j.infsof.2014.07.010.

elsevier.com

""Using client-side events" in DataWindow Programmer's Guide". Sybase. March 2003. Archived from the original on June 18, 2008. Retrieved June 4, 2008.

golang.org (Global: 8,118^th place; English: 6,098^th place)

"template - The Go Programming Language". golang.org. Retrieved May 1, 2019.

helpnetsecurity.com (Global: low place; English: low place)

Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link]}

ibm.com (Global: 1,131^st place; English: 850^th place)

Sharma, Anand (February 3, 2004). "Prevent a cross-site scripting attack". IBM. Retrieved May 29, 2008.

ietf.org (Global: 214^th place; English: 176^th place)

tools.ietf.org

Mark, Goodwin; Mike, West (April 6, 2016). "Same-site Cookies". tools.ietf.org. Retrieved May 4, 2018.

jeremiahgrossman.blogspot.com (Global: low place; English: low place)

Grossman, Jeremiah (July 30, 2006). "The origins of Cross-Site Scripting (XSS)". Retrieved September 15, 2008.

jquery.com (Global: low place; English: low place)

bugs.jquery.com

"JQuery bug #9521". 2011.

majorgeeks.com (Global: low place; English: low place)

"Self-XSS Facebook scam attempts to trick users into hacking themselves". www.majorgeeks.com. July 29, 2014. Retrieved September 20, 2016.

microsoft.com (Global: 153^rd place; English: 151^st place)

learn.microsoft.com

"dross" on MSDN (December 15, 2009). "Happy 10th birthday Cross-Site Scripting!". Retrieved February 9, 2023. On the 16th of January, 2000, the following names were suggested and bounced around among a small group of Microsoft security engineers: [...] The next day there was consensus – Cross Site Scripting.

support.microsoft.com

"How to use security zones in Internet Explorer". Microsoft. December 18, 2007. Retrieved June 4, 2008.

mitre.org (Global: low place; English: low place)

cwe.mitre.org

Christey, Steve; Martin, Robert A. (May 22, 2007). "Vulnerability Type Distributions in CVE (version 1.1)". MITRE Corporation. Retrieved June 7, 2008.

modsecurity.org (Global: low place; English: low place)

"ModSecurity: Features: PDF Universal XSS Protection". Breach Security. Archived from the original on March 23, 2008. Retrieved June 6, 2008.

mozilla.org (Global: 1,686^th place; English: 1,293^rd place)

addons.mozilla.org

"NoScript". Mozilla. May 30, 2008. Retrieved June 4, 2008. and Mogull, Rich (March 18, 2008). "Should Mac Users Run Antivirus Software?". TidBITS. TidBITS Publishing. Retrieved June 4, 2008.

noscript.net (Global: low place; English: low place)

"NoScript Features". Retrieved March 7, 2009.

npmjs.com (Global: low place; English: low place)

"pug-plugin-trusted-types". npm. Retrieved May 1, 2019.

openajax.org (Global: low place; English: low place)

"Ajax and Mashup Security". OpenAjax Alliance. Archived from the original on April 3, 2008. Retrieved June 9, 2008.

opera.com (Global: 6,731^st place; English: 5,817^th place)

labs.opera.com

Lie, Håkon Wium (February 7, 2006). "Opera 9 Technology Preview 2". Opera Software. Archived from the original on May 17, 2008. Retrieved June 4, 2008.

oreilly.com (Global: 4,347^th place; English: 3,017^th place)

O'Reilly, Tim (September 30, 2005). "What Is Web 2.0". O'Reilly Media. pp. 4–5. Retrieved June 4, 2008.

owasp.org (Global: low place; English: low place)

owasp.org

"DOM based XSS". OWASP.
"DOM based XSS prevention cheat sheet". OWASP.
Williams, Jeff (January 19, 2009). "XSS (Cross Site Scripting) Prevention Cheat Sheet". OWASP. Archived from the original on March 18, 2017. Retrieved February 4, 2010.

cheatsheetseries.owasp.org

"Cross Site Scripting Prevention - OWASP Cheat SheetSeries". OWASP. Retrieved March 19, 2003.

theguardian.com (Global: 12^th place; English: 11^th place)

Arthur, Charles (September 21, 2010). "Twitter users including Sarah Brown hit by malicious hacker attack". The Guardian. Retrieved September 21, 2010.

theregister.co.uk (Global: 1,216^th place; English: 797^th place)

Leyden, John (May 23, 2008). "Facebook poked by XSS flaw". The Register. Retrieved May 28, 2008.

tidbits.com (Global: low place; English: low place)

db.tidbits.com

"NoScript". Mozilla. May 30, 2008. Retrieved June 4, 2008. and Mogull, Rich (March 18, 2008). "Should Mac Users Run Antivirus Software?". TidBITS. TidBITS Publishing. Retrieved June 4, 2008.

w3.org (Global: 691^st place; English: 581^st place)

"Same Origin Policy - Web Security. W3.org". Retrieved November 4, 2014.

web.archive.org (Global: 1^st place; English: 1^st place)

Berinato, Scott (January 1, 2007). "Software Vulnerability Disclosure: The Chilling Effect". CSO. CXO Media. p. 7. Archived from the original on April 18, 2008. Retrieved June 7, 2008.
Viruses and worms in Alcorn, Wade (September 27, 2005). "The Cross-site Scripting Virus". BindShell.net. Archived from the original on May 16, 2008. Retrieved May 27, 2008. and Grossman, Jeremiah (November 2020). "Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense". WhiteHat Security. p. 20. Retrieved June 6, 2008.^{[permanent dead link]}
Williams, Jeff (January 19, 2009). "XSS (Cross Site Scripting) Prevention Cheat Sheet". OWASP. Archived from the original on March 18, 2017. Retrieved February 4, 2010.
"ModSecurity: Features: PDF Universal XSS Protection". Breach Security. Archived from the original on March 23, 2008. Retrieved June 6, 2008.
"Ajax and Mashup Security". OpenAjax Alliance. Archived from the original on April 3, 2008. Retrieved June 9, 2008.
Lie, Håkon Wium (February 7, 2006). "Opera 9 Technology Preview 2". Opera Software. Archived from the original on May 17, 2008. Retrieved June 4, 2008.
""Using client-side events" in DataWindow Programmer's Guide". Sybase. March 2003. Archived from the original on June 18, 2008. Retrieved June 4, 2008.

webappsec.org (Global: low place; English: low place)

projects.webappsec.org

"Cross-site Scripting". Web Application Security Consortium. 2005. Retrieved May 28, 2008.

wicg.github.io (Global: low place; English: low place)

"Trusted Types Spec WIP". wicg.github.io. Retrieved May 1, 2019.

Cross-site scripting (English Wikipedia)

amazon.com (Global: 105th place; English: 79th place)

angularjs.org (Global: low place; English: low place)

docs.angularjs.org

archive.org (Global: 6th place; English: 6th place)

bbc.co.uk (Global: 8th place; English: 10th place)

news.bbc.co.uk

bindshell.net (Global: low place; English: low place)

books.google.com (Global: 3rd place; English: 3rd place)

caniuse.com (Global: low place; English: low place)

csoonline.com (Global: low place; English: low place)

doi.org (Global: 2nd place; English: 2nd place)

elsevier.com (Global: 610th place; English: 704th place)

linkinghub.elsevier.com

elsevier.com

golang.org (Global: 8,118th place; English: 6,098th place)

helpnetsecurity.com (Global: low place; English: low place)

ibm.com (Global: 1,131st place; English: 850th place)

ietf.org (Global: 214th place; English: 176th place)

tools.ietf.org

jeremiahgrossman.blogspot.com (Global: low place; English: low place)

jquery.com (Global: low place; English: low place)

bugs.jquery.com

majorgeeks.com (Global: low place; English: low place)

microsoft.com (Global: 153rd place; English: 151st place)

learn.microsoft.com

support.microsoft.com

mitre.org (Global: low place; English: low place)

cwe.mitre.org

modsecurity.org (Global: low place; English: low place)

mozilla.org (Global: 1,686th place; English: 1,293rd place)

addons.mozilla.org

noscript.net (Global: low place; English: low place)

npmjs.com (Global: low place; English: low place)

openajax.org (Global: low place; English: low place)

opera.com (Global: 6,731st place; English: 5,817th place)

labs.opera.com

oreilly.com (Global: 4,347th place; English: 3,017th place)

owasp.org (Global: low place; English: low place)

owasp.org

cheatsheetseries.owasp.org

theguardian.com (Global: 12th place; English: 11th place)

theregister.co.uk (Global: 1,216th place; English: 797th place)

tidbits.com (Global: low place; English: low place)

db.tidbits.com

w3.org (Global: 691st place; English: 581st place)

web.archive.org (Global: 1st place; English: 1st place)

webappsec.org (Global: low place; English: low place)

projects.webappsec.org

wicg.github.io (Global: low place; English: low place)

amazon.com (Global: 105^th place; English: 79^th place)

archive.org (Global: 6^th place; English: 6^th place)

bbc.co.uk (Global: 8^th place; English: 10^th place)

books.google.com (Global: 3^rd place; English: 3^rd place)

doi.org (Global: 2^nd place; English: 2^nd place)

elsevier.com (Global: 610^th place; English: 704^th place)

golang.org (Global: 8,118^th place; English: 6,098^th place)

ibm.com (Global: 1,131^st place; English: 850^th place)

ietf.org (Global: 214^th place; English: 176^th place)

microsoft.com (Global: 153^rd place; English: 151^st place)

mozilla.org (Global: 1,686^th place; English: 1,293^rd place)

opera.com (Global: 6,731^st place; English: 5,817^th place)

oreilly.com (Global: 4,347^th place; English: 3,017^th place)

theguardian.com (Global: 12^th place; English: 11^th place)

theregister.co.uk (Global: 1,216^th place; English: 797^th place)

w3.org (Global: 691^st place; English: 581^st place)

web.archive.org (Global: 1^st place; English: 1^st place)