What is the general concept behind XSS?

As the answers on how XSS can be malicious are already given, I'll only answer the following question left unanswered: how can I prevent XSS from happening on my websites? As to preventing XSS, you need to HTML-escape any user-controlled input when it is about to be redisplayed on the page. This includes request …

Better Honeypot Implementation (Form Anti-Spam)

Concept

By adding an invisible field to your forms that only spambots can see, you can trick them into revealing that they are spambots and not actual end-users.

HTML

<input type="checkbox" name="contact_me_by_fax_only" value="1" style="display:none !important" tabindex="-1" autocomplete="off">

Here we have a simple checkbox that:
Is hidden with CSS.
Has an obscure but obviously fake name.
…