Computerworld

W3C approves spec for Web site scripting

Seeking to establish an industry standard for Web site scripting, the World Wide Web Consortium (W3C) on Thursday published the Document Object Model (DOM) Level 2 HTML specification as a W3C ...
Computerworld

How to defeat the new No. 1 security threat: cross-site scripting

Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk. In a typical XSS scenario, a Web page might use ...
heise online

Web-Security: With Content Security Policy against Cross-Site Scripting, Part 2

Cross-site scripting (XSS) remains one of the most common security threats to web applications. Despite advanced protection mechanisms, attackers continue to find new ways to exploit XSS ...