{"id":1409,"date":"2005-05-23T12:31:33","date_gmt":"2005-05-23T10:31:33","guid":{"rendered":"https:\/\/www.fullo.net\/blog\/index.php\/archives\/2005\/05\/23\/xss-cross-side-scripting\/"},"modified":"2005-05-23T12:31:33","modified_gmt":"2005-05-23T10:31:33","slug":"xss-cross-side-scripting","status":"publish","type":"post","link":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","title":{"rendered":"XSS, cross side scripting"},"content":{"rendered":"<p>le tecniche di <a href=\"http:\/\/en.wikipedia.org\/wiki\/XSS\">XSS<\/a> sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un <a href=\"http:\/\/ha.ckers.org\/xss.html\">elenco dei principali XSS<\/a> in circolazione al momento.<\/p>\n<p>ciuaz<\/p>\n","protected":false},"excerpt":{"rendered":"<p>le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[12],"tags":[],"class_list":["post-1409","post","type-post","status-publish","format-standard","hentry","category-webdev"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>XSS, cross side scripting - Fullo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"XSS, cross side scripting - Fullo\" \/>\n<meta property=\"og:description\" content=\"le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/\" \/>\n<meta property=\"og:site_name\" content=\"Fullo\" \/>\n<meta property=\"article:published_time\" content=\"2005-05-23T10:31:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2021\/05\/FB_IMG_1515748807284.jpg?fit=1453%2C1453&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1453\" \/>\n\t<meta property=\"og:image:height\" content=\"1453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Francesco Fullone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@fullo\" \/>\n<meta name=\"twitter:site\" content=\"@fullo\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesco Fullone\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"},\"author\":{\"name\":\"Francesco Fullone\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"headline\":\"XSS, cross side scripting\",\"datePublished\":\"2005-05-23T10:31:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"},\"wordCount\":40,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"articleSection\":[\"webdev\"],\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\",\"name\":\"XSS, cross side scripting - Fullo\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\"},\"datePublished\":\"2005-05-23T10:31:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"XSS, cross side scripting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\",\"name\":\"Fullo\",\"description\":\"nulla e&#039; impossibile per chi non lo deve fare!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\",\"name\":\"Francesco Fullone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"width\":622,\"height\":622,\"caption\":\"Francesco Fullone\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/www.fullo.net\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/fullo\",\"https:\\\/\\\/x.com\\\/fullo\"],\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/author\\\/fullo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"XSS, cross side scripting - Fullo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","og_locale":"it_IT","og_type":"article","og_title":"XSS, cross side scripting - Fullo","og_description":"le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz","og_url":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","og_site_name":"Fullo","article_published_time":"2005-05-23T10:31:33+00:00","og_image":[{"width":1453,"height":1453,"url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2021\/05\/FB_IMG_1515748807284.jpg?fit=1453%2C1453&ssl=1","type":"image\/jpeg"}],"author":"Francesco Fullone","twitter_card":"summary_large_image","twitter_creator":"@fullo","twitter_site":"@fullo","twitter_misc":{"Scritto da":"Francesco Fullone"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#article","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"},"author":{"name":"Francesco Fullone","@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"headline":"XSS, cross side scripting","datePublished":"2005-05-23T10:31:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"},"wordCount":40,"commentCount":0,"publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"articleSection":["webdev"],"inLanguage":"it-IT","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","url":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","name":"XSS, cross side scripting - Fullo","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/#website"},"datePublished":"2005-05-23T10:31:33+00:00","breadcrumb":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fullo.net\/blog\/"},{"@type":"ListItem","position":2,"name":"XSS, cross side scripting"}]},{"@type":"WebSite","@id":"https:\/\/www.fullo.net\/blog\/#website","url":"https:\/\/www.fullo.net\/blog\/","name":"Fullo","description":"nulla e&#039; impossibile per chi non lo deve fare!","publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fullo.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":["Person","Organization"],"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c","name":"Francesco Fullone","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","width":622,"height":622,"caption":"Francesco Fullone"},"logo":{"@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1"},"sameAs":["http:\/\/www.fullo.net","https:\/\/www.linkedin.com\/in\/fullo","https:\/\/x.com\/fullo"],"url":"https:\/\/www.fullo.net\/blog\/author\/fullo\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3OSc1-mJ","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":2088,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","url_meta":{"origin":1409,"position":0},"title":"Serendipity security release","author":"Francesco Fullone","date":"19\/10\/2006","format":false,"excerpt":"E' stata rilasciata una security release per Serendipity. E' stato trovato un baco XSS per l'area di amministrazione del cms che permetterebbe di mettere in ginocchio un sito basato sul cms opensource. Ovviamente il sito di Serendipity \u00e8 stato il primo ad essere stato attaccato :( ... ciuaz","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2085,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/18\/wordpress-205rc1\/","url_meta":{"origin":1409,"position":1},"title":"WordPress 2.0.5rc1","author":"Francesco Fullone","date":"18\/10\/2006","format":false,"excerpt":"Prima RC per l'ultima versione di Wordpress 2.0.x, con questa release sono stati corretti alcuni bug minori ed \u00e8 stato migliorato il controllo sui XSS per le custom form. Altra piccola features \u00e8 l'autoriconoscimento dei link all'interno dei post e dei commenti. Wordpress 2.0.5rc1 \u00e8 scaricabile qui ed eventuali bugs\u2026","rel":"","context":"In &quot;open source&quot;","block_context":{"text":"open source","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/open-source\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2108,"url":"https:\/\/www.fullo.net\/blog\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/","url_meta":{"origin":1409,"position":2},"title":"Aggiornate PHP, e fatelo in fretta&#8230;","author":"Francesco Fullone","date":"04\/11\/2006","format":false,"excerpt":"E' stata rilevato un bug abbastanza grave che permette di usare htmlentities() e htmlspecialchars() per eseguire codice remoto su un server (maggiori info su hardened-php). Siccome quelle due funzioni sono alla base di tutti i metodi di parsing e protezione contro XSS sono normalmente usate ovunque. Su PHP.net trovate le\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1712,"url":"https:\/\/www.fullo.net\/blog\/2005\/10\/26\/php-sicurezza-e-quantaltro\/","url_meta":{"origin":1409,"position":3},"title":"php, sicurezza e quantaltro&#8230;","author":"Francesco Fullone","date":"26\/10\/2005","format":false,"excerpt":"Continuano gli sproloqui e le wishlist sul futuro framework di Zend, per ora ne parlano: Wez Furlong (il quale per\u00f2 da anche le prime spiegazioni di come sar\u00e0 veramente) John Lim Chris Shifflet con una whishlist sulla sicurezza Ancora qualche links (forse qualcuno vecchio) sulla sicurezza delle applicazioni web: su\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4533,"url":"https:\/\/www.fullo.net\/blog\/2025\/11\/12\/la-matematica-della-compressione-dei-prompt-per-llm\/","url_meta":{"origin":1409,"position":4},"title":"La matematica della compressione dei Prompt per LLM","author":"Francesco Fullone","date":"12\/11\/2025","format":false,"excerpt":"TL;DR - Il cliff della compressione Puoi comprimere i tuoi prompt del 60-70% senza perdita qualitativa significativa. Sotto quella soglia, la qualit\u00e0 crolla. Ho testato tre varianti dello stesso prompt, applicato un converter a se stesso, e scoperto che i LLM hanno un punto fisso di convergenza intorno ai 475\u2026","rel":"","context":"In &quot;lifehack&quot;","block_context":{"text":"lifehack","link":"https:\/\/www.fullo.net\/blog\/category\/di-tutto-un-po\/lifehack\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2025\/11\/compressed-prompt.png?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2025\/11\/compressed-prompt.png?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2025\/11\/compressed-prompt.png?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2025\/11\/compressed-prompt.png?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/1409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/comments?post=1409"}],"version-history":[{"count":0,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/1409\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/media?parent=1409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/categories?post=1409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/tags?post=1409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}