Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively
"Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS
and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or
consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or
limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with
computers, networks, data, and files.
Syngress Media®, Syngress®, "Career Advancement Through Skill Enhancement®," "Ask the Author UPDATE®,"
and "Hack Proofing®," are registered trademarks of Elsevier, Inc. "Syngress: The Definition of a Serious Security
Library"™, "Mission Critical™" and "The Only Way to Stop a Hacker is to Think Like One™" are trademarks of
Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective
companies.
KEY SERIAL NUMBER
001 HJIRTCV764
002 PO9873D5FG
003 829KM8NJH2
004 XVQ45LK89A
005 CVPLQ6WQ23
006 VBP965T5T5
007 HJJJ863WD3E
008 2987GVTWMK
009 629MP5SDJT
010 IMWQ295T6T
PUBLISHED BY
Syngress Publishing, Inc.
Elsevier, Inc.
30 Corporate Drive
Burlington, MA 01803
Cross Site Scripting Attacks: XSS Exploits and Defense
Copyright © 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America. Except as permitted
under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by
any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with
the exception that the program listings may be entered, stored, and executed in a computer system, but they may
not be reproduced for publication.
Printed in the United States of America
1234567890
ISBN-10: 1-59749-154-3
ISBN-13: 978-1-59749-154-9
Publisher: Amorette Pedersen
Acquisitions Editor: Andrew Williams
Technical Editor: Seth Fogie
Page Layout and Art: Patricia Lupien
Copy Editor: Judy Eby
Cover Designer: Michael Kavish
Indexer: Richard Carlson
For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and
Rights, at Syngress Publishing; email m.pedersen@elsevier.com.
Jeremiah Grossman founded WhiteHat Security in 2001 and is currently
the Chief Technology Officer. Prior to WhiteHat, Jeremiah was an information
security officer at Yahoo! responsible for performing security reviews
on the company's hundreds of websites. As one of the world's busiest web
properties, with over 17,000 web servers for customer access and 600 websites,
the highest level of security was required. Before Yahoo!, Jeremiah
worked for Amgen, Inc.
A 6-year security industry veteran, Jeremiah has had his research featured
in USA Today, NBC, and ZDNet; it has touched all areas of web security. He
is a world-renowned leader in web security and frequent speaker at the
Blackhat Briefings, NASA, Air Force and Technology Conference,
Washington Software Alliance, ISSA, ISACA and Defcon.
Jeremiah has developed the widely used assessment tool "WhiteHat
Arsenal," as well as the acclaimed Web Server Fingerprinter tool and technology.
He is a founder of the Website Security Consortium (WASC) and
the Open Website Security Project (OWASP), as well as a contributing