Tag Archives: script

Introduction of Cross-Site Scripting (XSS) Vulnerability & How to Prevent It?

What is the Cross-site Scripting (XSS) Vulnerability & How to Prevent it

As a web developer, you may know XSS as Cross-site Scripting. It is a way of bypassing the SOP concept. An attacker could easily insert his own HTML code whenever HTML code is generated dynamically, and the user input is not sanitized and is reflected on the page. In this case, the web browser will still display the user’s code since it belongs to the website where it is injected.

The attacker could easily interject JavaScript code which would run under the site’s context. By this way, the attacker can access other pages on the same domain and read data like CSRF-Tokens or the set cookies.

The attacker can use the cookies which typically contain session identifier information, and use it in his own browser and login to the web application as the victim. Another way is by reading private information from the pages, such as read CSRF tokens and makes requests on behalf of the user.

Impacts of the Cross-site Scripting Vulnerability

There are many impacts of an exploited XSS vulnerability. It ranges from Session Hijacking to the disclosure of sensitive data, CSRF attacks and more. The attacker can impersonate the victim and take over the account by exploiting a cross-site scripting vulnerability. It might even lead to code execution on the server if the victim has administrative rights. But it will depend on the application and the privileges of the account. To get more information on how a XSS vulnerability was used in a successful attack can read about the apache.org jira incident .

Preventing XSS Vulnerabilities

The most important thing in preventing cross-site scripting vulnerabilities is to apply a context dependent output encoding. In some cases it might be enough to encode the HTML special characters, such as opening and closing tags. In other cases, URL encoding is necessary if it is correctly applied.

Moreover, your inbuilt XSS filter, even in your most modern web browsers should not be seen as an alternative to sanitization. However, they cannot catch all kinds of cross-site scripting attacks. As a result, this will prevent some pages from loading correctly. Since the idea is to minimize the impact of existing vulnerabilities, a web browser’s XSS filter should only be a “second line of defense”.

7 Elegant Script Fonts you won’t Hate

7 elegant script fonts you won't hate

No one can deny that font plays an important role in graphic design since a right font type will add elegance and personality, while remaining legible. Therefore, we list some script font types to add you more references in doing web design or anything else related with design.

  1. Adelia

This font was firstly invented by Indonesia-based foundry Artimasa which inspired by traditional sign painting and brush lettering. Adelia is particularly well to logo, packaging projects, as well as headlines, posters, and T-shirt graphics, since it represents a bold and playful font.

  1. Baker Street

Baker street is a single-width typeface which makes it perfect for big text blocks or simple headlines thanks to its flowing curves. Designed by Thomas Ramey of Seattle-based studio Ramey Foundry, there are four weights in total – Regular, Light, Regular Title and Light Title.

  1. Everglow

Everglow is kind of retro script font features over 560 glyphs and 322 alternate characters. Besides, it adds a vintage touch to anything from logos to letterheads, then Everglow (designed by another Indonesian outfit, Senior Studio) is your font.

  1. Festival Script Pro

Derived from Argentinian type foundry Sudtipos, Festival Script Pro is a masterpiece pushes the explorations of designers Angel Koziupa and Ale Paul further into the deco script territory. It is a modern, appealing script font with pronounced bilinear contrast and a luxurious ornamental swashing treatment (layered swashing possibilities are included, ranging from minimal to utter exuberance).

  1. Graduate

If you wish to have a contemporary calligraphic script, Graduate by Netherland-based foundry Fontforecast is a perfect choice with over 825 glyphs, it’s a flexible font that you can dress up or down by adding curls to the beginning, middle or end of any lowercase letter.

  1. HT Osteria

Are you looking for an old fashioned type of font? HT Osteria is maybe the right choice for you. Based on 1950s-era wallpaint shopfront advertisement in Italy, HT Osteria is a retro script font that comes as a single weight.

  1. La Paz

La Paz is one of the most unique fonts since it consists of three different alphabets, which are interleaved to provide variations in height, weight and inclination. Moreover, La Paz is a charming script font that will bring a personal touch if it is used in the right context.