Understanding Cross Site Scripting
6 Questions
| Attempts: 700
How well do YOU know XSS and how to defend against it? Let's give that a test!
Questions and Answers
- 1.What defense will best help stop Cross Site Scripting (XSS)?
- A.
Input Validation
- B.
Output Encoding
- C.
Cryptographic Tokens
- D.
Rate Throttling
- 2.For which input validation needs are regular expressions not enough?
- A.
File upload input
- B.
Validating a username
- C.
HTML Sanitization
- D.
Validating untrusted JSON
- E.
Validating a user's age
- 3.Which JavaScript functions are so dangerous that they will automatically execute untrusted data as JavaScript code?
- A.
InnerHTML()
- B.
Eval()
- C.
Alert()
- D.
SetTimeout()
- E.
Text()
- F.
All of the above
- 4.What is the best way to parse JSON in the browser?
- A.
JSON parsing plugin
- B.
JavaScript: JSON.parse
- C.
JavaScript: eval()
- D.
JavaScript: innerHTML()
- E.
Server-side outbound JSON validation
- 5.What is the best design for input validation?
- A.
Detecting attacks and rejecting them.
- B.
Setting a policy for good input and rejecting everything else.
- C.
Setting a policy for bad input and logging them.
- D.
None of the above
- 6.Which of the following policies help stop cross-site scripting?
- A.
Content Transport Policy
- B.
Strict Content Policy
- C.
Content Security Policy
- D.
Content Policy Security
Back to top