Requesting a website by client side script = Cross Side Scripting Hack. But requesting a website by server side script is not a hack! Why?

若如初见. Submitted on 2019-12-04 19:59:34

Because a malicious script can open an external page without the permission of the user. For instance, imagine an insecure textarea. If the contents of this textbox are shown to other users, it might contain a script that connects to a remote host and sends sensitive user info to it. It all boils down to: server-side -> you are in control, client-side -> public, so prone to abuse.

See:

Same origin policy

In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.
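The policy quoted above compares origins, meaning scheme, host and port taken together. The following is an added example, not part of the original answer, showing that comparison with the standard `URL` class; the hostnames and the helper names `originOf`, `isSameOrigin` and `classify` are constructed for illustration.

```javascript
// Added example: same-origin comparison (scheme + host + port).
// All URLs below are constructed sample values.

// Return the serialised origin of an absolute URL, or null if it does not parse.
function originOf(url) {
  try {
    // .origin is "scheme://host[:port]"; default ports (80, 443) are dropped.
    return new URL(url).origin;
  } catch {
    return null;
  }
}

// True only when both URLs share the same scheme, host and port.
function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // Opaque origins (data:, file:, ...) serialise to the string "null"
  // and must never match anything, including each other.
  if (oa === null || ob === null || oa === 'null' || ob === 'null') {
    return false;
  }
  return oa === ob;
}

// Label each target as same-origin or cross-origin relative to the page.
function classify(pageUrl, targets) {
  return targets.map((target) => ({
    target,
    sameOrigin: isSameOrigin(pageUrl, target),
  }));
}

const page = 'https://forum.example/thread/42';
const targets = [
  'https://forum.example:443/api/profile', // explicit default port: same origin
  'http://forum.example/api/profile',      // different scheme
  'https://api.forum.example/profile',     // different host (subdomain)
  'https://forum.example:8443/profile',    // different port
  'https://collector.example/log',         // different site
  'data:text/html,hello',                  // opaque origin
];

for (const row of classify(page, targets)) {
  console.log(row.sameOrigin ? 'same ' : 'cross', row.target);
}
```

A script injected through the textarea runs with the origin of the page that displays it, which is why it can read that page's data even though it was written by someone else.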
