Anti XSS using Ajax

"XSS has become a problem that most web developers are still suffering
from till now, simply because however hard you try to validate every
user input, it only takes a single line of code that prints out the user
input without validation to render your whole application vulnerable to
XSS attacks, and once you are vulnerable, several attack methods can be
applied to the users of your web application; some of these attacks, like
the one I’ve demonstrated before, can be really dangerous and
undetectable. As we all know, perfect code is an illusion, and we also
all know that several bugs pass the testing phase without being
detected, especially if the testers were testing without security in
mind, so it’s very normal to have a web application that is vulnerable
to XSS attacks even after testing several times. So what about a risk
mitigation plan to avoid XSS attacks in case some XSS vulnerabilities
show up after the product has been deployed in the live environment?
Imagine if we could have a nice safety valve that could stop a catastrophe
from happening, but how? This is a good question, and to answer it
we have to think about the following:"

"1- XSS attacks basically happen on the client side.

2- XSS attacks usually happen using JavaScript.

After considering the previous two points, we can conclude that to stop
an XSS attack that passed through our server-side defenses and
validations we need to stop it on the client side, and because XSS
attacks basically depend on JavaScript, that means the existence of
<script> tags in the attacker's code. So now we can reach the
conclusion that to stop XSS on the client side we can use JavaScript
to filter the HTML returned from the server, to identify the attacker's
JavaScript and warn the user about it, or even warn the site admin about it
so s/he can become aware of the attack and do something about
it. But the real question now is how to identify the attacker's
JavaScript from our legitimate JavaScript? Well, we can do this by
supplying something like a signature with our legitimate JavaScript so
we can identify it from the malicious attacker JavaScript that has
been injected into our web application pages, and we can use another
JavaScript that will filter the page content to identify the unsigned
JavaScript as the attacker's script and take some action about it on the
client side whenever it's found. Here is an example:"

Article Link: http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx