“CERT Advisory CA-2000-02 describes a problem with malicious
tags embedded in client HTTP requests, discusses the impact of
malicious scripts, and offers ways to prevent the insertion of
malicious tags.”
“This tech tip, written for web developers, describes more
specifically the steps you can take to prevent attackers from from
using untrusted content to exploit your web site.”
“Any server that creates web pages by inserting dynamic data
into a template should check to make sure that the data to be
inserted does not contain any special characters (e.g., “<“). If
the inserted data contains special characters, the user’s web
browser will mistake them for HTML markup. Because HTML markup can
introduce programs, the browser could interpret some data values as
HTML tags or script rather than displaying them as text.”
“The risk of a web server not doing a check for special
characters in dynamically generated web pages is that in some cases
an attacker can choose the data that the web server inserts into
the generated page. Then the attacker can trick the user’s browser
into running a program of the attacker’s choice.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.