Even famous sites like Twitter are suffering from XSS vulnerability, what should we do

Question

0

Editorial Team

Asked: May 11, 20262026-05-11T16:26:31+00:00 2026-05-11T16:26:31+00:00

Even famous sites like Twitter are suffering from XSS vulnerability, what should we do

0

Even famous sites like Twitter are suffering from XSS vulnerability, what should we do to prevent this kind of attack?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-11T16:26:32+00:00

The #1 Thing you can do is set your cookies to HTTP Only … which at least protects against session cookie hijacking. Like someone stealing your cookie when you are likely admin of your own site.

The rest comes down to validating all user input.

RULE #0 – Never Insert Untrusted Data Except in Allowed Locations
RULE #1 – HTML Escape Before Inserting Untrusted Data into HTML Element Content
RULE #2 – Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
RULE #3 – JavaScript Escape Before Inserting Untrusted Data into HTML JavaScript Data Values
RULE #4 – CSS Escape Before Inserting Untrusted Data into HTML Style Property Values
RULE #5 – URL Escape Before Inserting Untrusted Data into HTML URL Attributes

Very lengthy subject discussed in detail here:

http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

http://www.owasp.org/index.php/Cross_site_scripting

XSS is only one of many exploits and every web dev should learn the top 10 OWASP by heart imho

http://www.owasp.org/index.php/Top_10_2007

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Even famous sites like Twitter are suffering from XSS vulnerability, what should we do

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply