Protection Against Cross-Site Scripting Attacks

Abstract

The use of web browser cookies has become quite prevalent online. Cookies follow internet users everywhere they go, whether to keep them logged in to certain services or to personalize the advertisements they receive. Since these cookies can contain sensitive information like usernames and passwords, it is of utmost importance that they are protected from any malicious activity. One common way to steal a user's cookie is through Cross-Site Scripting (XSS) attacks, where malicious scripts are injected into text comments on websites, such as forum discussion boards, that allow users to submit text messages and comments. These malicious scripts, injected into text, may deliver web browser cookies to the attacker without making the user aware of the hostile action taking place. To combat these attacks, we are proposing easily implementable solutions for those who host websites that allow users to submit text messages and comments. To analyze the proposed solutions, we have created two versions of the same website to portray the difference in XSS attacks on protected versus unprotected websites.