Cross site scripting
While looking around for cross site scripting resources I stumbled upon the “ha.ckers.org” site, which is an excellent source of ideas on how to check for XSS vulnerabilities. I have seen it before but I obviously forgot to bookmark it. Now I saw the site listed at the top of del.icio.us/tag/xss as well. Another good site to check out is http://www.owasp.org, and even though their regex collection is not very international it can be useful.
The most annoying thing is that the only user input I allow on my site, the comment form, is vulnerable. I guess I will have to fix that now. Immediately.
