跨站脚本

跨站脚本攻击者通过向网页插入恶意脚本代码，导致用户浏览网页时代码在浏览器中秘密自动执行，从而窃取用户隐私信息。

XSS attackers steal private information of users by injecting malicious script code in web pages which can operate automatically and secretly in browser while someone browsing the web pages .

跨站脚本，这就是Twitter蠕虫的制作方法。

Cross-site scripting , the stuff that Twitter worms are made of .

另外，针对基于Web的云控制界面的跨站脚本攻击会对整个云安全产生严重的影响。

Additionally , Cross Site Scripting attacks against Web-based cloud control interfaces have severe repercussions for the overall cloud security .

网络安全业内将web2.0网站内的这些编码缺陷，称为跨站脚本（xss）或跨站脚本漏洞。

These weaknesses of coding in Web 2.0 sites are known in the security industry as cross-site scripting , or XSS vulnerabilities .

第一个漏洞是最流行的：跨站脚本编程（cross-sitescripting，XSS）。

The first is by far the most popular : cross-site scripting ( XSS ) .

跨站脚本攻击（cross-sitescripting，简称XSS），是黑客用来潜入Web应用程序的最普遍的应用程序层攻击之一。

Cross-site scripting ( XSS for short ) is one of the most common application-level attacks that hackers use to sneak into Web applications .

更多的安全防护措施，如跨站脚本（XSS）、SQL注入及远程文件包含（RFI）。

Increased protection from attacks such as Cross-site Scripting ( XSS ), SQL Injection and Remote File Inclusions ( RFI ) .

另外，亚马逊商店内一个单独的跨站脚本漏洞允许团队攻击AWS时域。

In addition , a separate cross-site scripting ( XSS ) vulnerability in Amazon 's store allowed the team to hijack an AWS session .

其中，跨站脚本（cross-siteScripting，XSS）攻击已经上升为互联网中数量最多的攻击手段。

Among all attacks on Internet , the cross-site scripting ( cross-site scripting , XSS ) attacks have become a most popular attack method .

但是跨站脚本攻击向量挖掘策略的准确率尚需进一步提高，检测模型由于渗透测试本身的问题不能正常识别基于DOM类型漏洞，这些问题都需要在下一步研究工作中进行改进和完善。

However , the accuracy of Mining Strategy still need to be raised , and the detection model could not properly identify the type of DOM-based vulnerabilities due to the problems of penetration testing , which should be improved in further research work .

关于跨站脚本问题的研究

Research of web based cross , site scripting

为此，提出基于服务器端-客户端协作的跨站脚本攻击防御方法。

According to the problem proposed above , this paper makes a research on the server-client cooperation XSS defense method .

当前有一些关于跨站脚本漏洞的信息资料，但能真正给用户和管理者解释清楚的并不多。

Current small informational tidbits about cross site scripting holes exist but none really explain them to an average person or administrator .

目前多数网站开发人员会采用过滤用户输入的方式来防御跨站脚本攻击，但是这种做法存在局限性，仍需进行漏洞检测工作。

Most website developers filter user input to protect against cross-site scripting attack , however , this practice has been confirmed that there are its own limitations , need some vulnerability detections .