{"id":1409,"date":"2005-05-23T12:31:33","date_gmt":"2005-05-23T10:31:33","guid":{"rendered":"https:\/\/www.fullo.net\/blog\/index.php\/archives\/2005\/05\/23\/xss-cross-side-scripting\/"},"modified":"2005-05-23T12:31:33","modified_gmt":"2005-05-23T10:31:33","slug":"xss-cross-side-scripting","status":"publish","type":"post","link":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","title":{"rendered":"XSS, cross side scripting"},"content":{"rendered":"<p>le tecniche di <a href=\"http:\/\/en.wikipedia.org\/wiki\/XSS\">XSS<\/a> sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un <a href=\"http:\/\/ha.ckers.org\/xss.html\">elenco dei principali XSS<\/a> in circolazione al momento.<\/p>\n<p>ciuaz<\/p>\n","protected":false},"excerpt":{"rendered":"<p>le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[12],"tags":[],"class_list":["post-1409","post","type-post","status-publish","format-standard","hentry","category-webdev"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>XSS, cross side scripting - Fullo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"XSS, cross side scripting - Fullo\" \/>\n<meta property=\"og:description\" content=\"le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/\" \/>\n<meta property=\"og:site_name\" content=\"Fullo\" \/>\n<meta property=\"article:published_time\" content=\"2005-05-23T10:31:33+00:00\" \/>\n<meta name=\"author\" content=\"Francesco Fullone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@fullo\" \/>\n<meta name=\"twitter:site\" content=\"@fullo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesco Fullone\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"},\"author\":{\"name\":\"Francesco Fullone\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"headline\":\"XSS, cross side scripting\",\"datePublished\":\"2005-05-23T10:31:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"},\"wordCount\":40,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"articleSection\":[\"webdev\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\",\"name\":\"XSS, cross side scripting - Fullo\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\"},\"datePublished\":\"2005-05-23T10:31:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2005\\\/05\\\/23\\\/xss-cross-side-scripting\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"XSS, cross side scripting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\",\"name\":\"Fullo\",\"description\":\"nulla e&#039; impossibile per chi non lo deve fare!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\",\"name\":\"Francesco Fullone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"width\":622,\"height\":622,\"caption\":\"Francesco Fullone\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/www.fullo.net\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/fullo\",\"https:\\\/\\\/x.com\\\/fullo\"],\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/author\\\/fullo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"XSS, cross side scripting - Fullo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","og_locale":"en_US","og_type":"article","og_title":"XSS, cross side scripting - Fullo","og_description":"le tecniche di XSS sono l&#8217;incubo per la maggior parte degli sviluppatori web, quindi per dormire (un po&#8217; pi\u00f9) tranquilli su ha.ckers.org \u00e8 presente un elenco dei principali XSS in circolazione al momento. ciuaz","og_url":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","og_site_name":"Fullo","article_published_time":"2005-05-23T10:31:33+00:00","author":"Francesco Fullone","twitter_card":"summary_large_image","twitter_creator":"@fullo","twitter_site":"@fullo","twitter_misc":{"Written by":"Francesco Fullone"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#article","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"},"author":{"name":"Francesco Fullone","@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"headline":"XSS, cross side scripting","datePublished":"2005-05-23T10:31:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"},"wordCount":40,"commentCount":0,"publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"articleSection":["webdev"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","url":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/","name":"XSS, cross side scripting - Fullo","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/#website"},"datePublished":"2005-05-23T10:31:33+00:00","breadcrumb":{"@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fullo.net\/blog\/2005\/05\/23\/xss-cross-side-scripting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fullo.net\/blog\/"},{"@type":"ListItem","position":2,"name":"XSS, cross side scripting"}]},{"@type":"WebSite","@id":"https:\/\/www.fullo.net\/blog\/#website","url":"https:\/\/www.fullo.net\/blog\/","name":"Fullo","description":"nulla e&#039; impossibile per chi non lo deve fare!","publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fullo.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c","name":"Francesco Fullone","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","width":622,"height":622,"caption":"Francesco Fullone"},"logo":{"@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1"},"sameAs":["http:\/\/www.fullo.net","https:\/\/www.linkedin.com\/in\/fullo","https:\/\/x.com\/fullo"],"url":"https:\/\/www.fullo.net\/blog\/author\/fullo\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3OSc1-mJ","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":2088,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","url_meta":{"origin":1409,"position":0},"title":"Serendipity security release","author":"Francesco Fullone","date":"19\/10\/2006","format":false,"excerpt":"E' stata rilasciata una security release per Serendipity. E' stato trovato un baco XSS per l'area di amministrazione del cms che permetterebbe di mettere in ginocchio un sito basato sul cms opensource. Ovviamente il sito di Serendipity \u00e8 stato il primo ad essere stato attaccato :( ... ciuaz","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1804,"url":"https:\/\/www.fullo.net\/blog\/2005\/12\/07\/aggiornate-phpmyadmin\/","url_meta":{"origin":1409,"position":1},"title":"Aggiornate phpMyAdmin","author":"Francesco Fullone","date":"07\/12\/2005","format":false,"excerpt":"Aggiornate phpMyAdmin, l'ultima versione ha un bel baco XSS... ciuaz","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1230,"url":"https:\/\/www.fullo.net\/blog\/2005\/01\/21\/phpsec\/","url_meta":{"origin":1409,"position":2},"title":"[phpsec]","author":"Francesco Fullone","date":"21\/01\/2005","format":false,"excerpt":"iniziano a farsi vedere i primi risultati della mailing list [phpsec], \u00e8 stato scritto infatti, grazie a bitflux, un piccolo vademecum su come prevenire e combattere il XSS ciuaz","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2085,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/18\/wordpress-205rc1\/","url_meta":{"origin":1409,"position":3},"title":"WordPress 2.0.5rc1","author":"Francesco Fullone","date":"18\/10\/2006","format":false,"excerpt":"Prima RC per l'ultima versione di Wordpress 2.0.x, con questa release sono stati corretti alcuni bug minori ed \u00e8 stato migliorato il controllo sui XSS per le custom form. Altra piccola features \u00e8 l'autoriconoscimento dei link all'interno dei post e dei commenti. Wordpress 2.0.5rc1 \u00e8 scaricabile qui ed eventuali bugs\u2026","rel":"","context":"In &quot;open source&quot;","block_context":{"text":"open source","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/open-source\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":336,"url":"https:\/\/www.fullo.net\/blog\/2003\/07\/07\/phplinkssecurity\/","url_meta":{"origin":1409,"position":4},"title":"php::Links(&#8216;security&#8217;)","author":"Francesco Fullone","date":"07\/07\/2003","format":false,"excerpt":"ecco due ottime faq su come imparare a rendere sicuri i propri script, la prima parla della pratica dell'sql injection e la seconda di quella del Cross-Site Scripting (XSS) ciuaz","rel":"","context":"In &quot;tecnologia&quot;","block_context":{"text":"tecnologia","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2108,"url":"https:\/\/www.fullo.net\/blog\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/","url_meta":{"origin":1409,"position":5},"title":"Aggiornate PHP, e fatelo in fretta&#8230;","author":"Francesco Fullone","date":"04\/11\/2006","format":false,"excerpt":"E' stata rilevato un bug abbastanza grave che permette di usare htmlentities() e htmlspecialchars() per eseguire codice remoto su un server (maggiori info su hardened-php). Siccome quelle due funzioni sono alla base di tutti i metodi di parsing e protezione contro XSS sono normalmente usate ovunque. Su PHP.net trovate le\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/1409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/comments?post=1409"}],"version-history":[{"count":0,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/1409\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/media?parent=1409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/categories?post=1409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/tags?post=1409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}