I am working on an HTML form that posts the data to a URL. I am also using jQuery to get query string parameters and add them to the data I post to the URL. Is there any way to protect against XSS attacks? Any HTML encoding plugins or built-in functions?
+1
A:
You can't protect jQuery from XSS. XSS vulnerabilities occur in your server software. Take a look at Exploit_scenarios for a better understanding of how XSS works.
A website that outputs user-generated data has a possible XSS vulnerability if it outputs the user-generated content unfiltered, because then the user can create a <script/> tag with malicious code. But you need to filter this on the server before sending it to the client (browser).
jigfox
2010-06-25 15:57:05
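An added example, not part of the original question or answer: one way to HTML-encode query string values at the point where they are written into markup, runnable under Node.js. The function names (`escapeHtml`, `hiddenFieldsFromQuery`, `renderComment`) and the sample query string are constructed for illustration.

```javascript
// Added example: HTML output encoding for values that came from the query
// string or from other user-generated content. All names are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that are significant in HTML text and in quoted
// attribute values. This is only correct for those two contexts, not for
// values placed inside <script>, URLs, or CSS.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse a query string and emit one hidden <input> per parameter, encoding
// both the name and the value before they become part of the form markup.
function hiddenFieldsFromQuery(queryString) {
  const params = new URLSearchParams(queryString); // URL-decodes each pair
  const fields = [];
  for (const [name, value] of params) {
    fields.push(
      `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`
    );
  }
  return fields.join('\n');
}

// Server-side rendering of user-generated content: encode on output so a
// submitted tag is displayed as text instead of being parsed as markup.
function renderComment(author, text) {
  return `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</p>`;
}

// Constructed sample input: a plain value, a value containing a script tag,
// and a value containing quotes and an ampersand.
const SAMPLE_QUERY =
  '?ref=newsletter&note=%3Cscript%3Ealert(1)%3C%2Fscript%3E&q=%22quoted%22%20%26%20more';

console.log(hiddenFieldsFromQuery(SAMPLE_QUERY));
console.log(renderComment('guest', '<script/>'));
```

The same encoding has to be applied wherever the server later echoes the posted values back into a page, since the hidden fields only carry the raw values once the form is submitted.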