틀:XSS alert/doc

This is a documentation subpage for 틀:XSS alert (see that page for the 틀 itself).
It contains usage information, categories, interlanguage links and other content that is not part of the original 틀 page.

Template:XSS alert/doc

Description: Adds an alert box describing a Cross-site scripting vulnerability in including Extension page. Also adds including page to mw:Category:Extensions with XSS vulnerabilities
If your extension was tagged with this template please read

Example

{{XSS alert|~~~~}}

Creates

WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML

Signed: Duesentrieb ⇌ 13:43, 22 March 2007 (UTC)