Measures to prevent XSS vulnerabilities (like Twitter's a few days ago)
Even famous sites like Twitter suffer from XSS vulnerabilities. What should we do to prevent such attacks?
The #1 thing you can do is set your cookies to HTTP only... which at least protects against session cookie hijacking.
The rest comes down to validating all user input.
- Rule #0 - Never insert untrusted data into HTML except in allowed locations
- Rule #1 - HTML escape before inserting untrusted data into HTML element content
- Rule #2 - Attribute escape before inserting untrusted data into HTML common attributes
- Rule #3 - JavaScript escape before inserting untrusted data into HTML JavaScript data values
- Rule #4 - CSS escape before inserting untrusted data into HTML style property values
- Rule #5 - URL escape before inserting untrusted data into HTML URL attributes
Very long topic discussed here in detail:
XSS is just one of many factors and every web dev should learn the OWASP Top 10 by heart, IMHO.
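
The rules listed in the answer, written as one encoder per output context. This is an added example and not part of the original answer. All function names are hypothetical, the input is constructed, and the `Secure` and `SameSite` cookie attributes go beyond the answer's HTTP-only advice.

```javascript
// Rule #1: HTML element content.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, c => map[c]);
}
// Rule #2: quoted attribute values. Every non-alphanumeric becomes &#xHH;.
function escapeAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    c => `&#x${c.codePointAt(0).toString(16).toUpperCase()};`);
}
// Rule #3: data inside a quoted JavaScript string literal (\xHH or \uHHHH).
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, c => {
    const n = c.charCodeAt(0);
    return n < 256 ? '\\x' + n.toString(16).padStart(2, '0')
                   : '\\u' + n.toString(16).padStart(4, '0');
  });
}
// Rule #4: CSS property values. Six-digit hex escapes need no trailing space.
function escapeCss(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    c => '\\' + c.codePointAt(0).toString(16).padStart(6, '0'));
}
// Rule #5: URL-escape parameter values; for whole URLs, allowlist the scheme
// first, because escaping alone does not neutralise a javascript: URL.
function escapeUrlParam(s) { return encodeURIComponent(String(s)); }
function safeHref(untrusted) {
  let u;
  try { u = new URL(untrusted); } catch { return '#'; }
  return ['http:', 'https:'].includes(u.protocol) ? escapeAttr(u.href) : '#';
}
// The answer's first point: a session cookie that page scripts cannot read.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}
// Each value is encoded for the context it lands in, never with one generic escape.
function renderProfile(name, color, site) {
  return `<p title="${escapeAttr(name)}" style="color:${escapeCss(color)}">${escapeHtml(name)}</p>` +
    `<a href="${safeHref(site)}">site</a>` +
    `<script>var user = '${escapeJsString(name)}';</script>`;
}
// Constructed sample input.
console.log(renderProfile('<b>"\'', '#fff', 'javascript:alert(1)'));
console.log(sessionCookie('sid', 'abc'));
```
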