Prevention of Cross-Site Scripting Attacks on Current Web Applications

Security is becoming one of the major concerns for web applications and other Internet based services, which are becoming pervasive in all kinds of business models and organizations. Web applications must therefore include, in addition to the expected value offered to their users, reliable mechanisms to ensure their security. This paper focuses on the specific problem of preventing cross-site scripting attacks against web applications. The authors present a study of this kind of attacks, and survey current approaches for their prevention. The advantages and limitations of each proposal are discussed, and an alternative solution is introduced.