Understanding Cross Site Scripting

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Drew_daniels
D
Drew_daniels
Community Contributor
Quizzes Created: 2 | Total Attempts: 1,170
| Attempts: 933
SettingsSettings
Please wait...
  • 1/6 Questions

    What is the best design for input validation?

    • Detecting attacks and rejecting them.
    • Setting a policy for good input and rejecting everything else.
    • Setting a policy for bad input and logging them.
    • None of the above
Please wait...
Understanding Cross Site Scripting - Quiz
About This Quiz

How well do YOU know XSS and how to defend against it? Let's give that a test!

Quiz Preview

  • 2. 

    Which of the following policies help stop cross-site scripting?

    • Content Transport Policy

    • Strict Content Policy

    • Content Security Policy

    • Content Policy Security

    Correct Answer
    A. Content Security Policy
    Explanation
    Content Security Policy is a policy that helps stop cross-site scripting. It is a security mechanism that allows website administrators to specify the types of content that a web browser should be allowed to load on their site. It helps prevent malicious scripts from being executed by only allowing trusted sources of content to be loaded. This policy helps protect against cross-site scripting attacks by limiting the ability of attackers to inject and execute malicious scripts on a website.

    Rate this question:

  • 3. 

    What is the best way to parse JSON in the browser?

    • JSON parsing plugin

    • JavaScript: JSON.parse

    • JavaScript: eval()

    • JavaScript: innerHTML()

    • Server-side outbound JSON validation

    Correct Answer
    A. JavaScript: JSON.parse
    Explanation
    The best way to parse JSON in the browser is by using the JavaScript function JSON.parse. This function allows the browser to convert a JSON string into a JavaScript object, making it easier to access and manipulate the data. Unlike the other options listed, JSON.parse is specifically designed for parsing JSON and is considered to be safer and more efficient than using eval() or innerHTML(). Server-side outbound JSON validation is not directly related to parsing JSON in the browser.

    Rate this question:

  • 4. 

    What defense will best help stop Cross Site Scripting (XSS)?

    • Input Validation

    • Output Encoding

    • Cryptographic Tokens

    • Rate Throttling

    Correct Answer
    A. Output Encoding
    Explanation
    Output encoding is the best defense to help stop Cross Site Scripting (XSS). XSS attacks occur when an attacker injects malicious scripts into a website, which are then executed by the user's browser. Output encoding involves encoding special characters in the output to prevent them from being interpreted as code. This ensures that any user input is treated as data and not executable code, thus preventing XSS attacks. Input validation, cryptographic tokens, and rate throttling are important security measures, but they are not specifically designed to address XSS vulnerabilities.

    Rate this question:

  • 5. 

    For which input validation needs are regular expressions not enough?

    • File upload input

    • Validating a username

    • HTML Sanitization

    • Validating untrusted JSON

    • Validating a user's age

    Correct Answer(s)
    A. File upload input
    A. HTML Sanitization
    A. Validating untrusted JSON
    Explanation
    Regular expressions are not enough for input validation needs such as file upload input, HTML sanitization, and validating untrusted JSON because these tasks require more complex validation logic than what regular expressions can provide. File upload input validation involves checking the file type, size, and potentially scanning for malicious content. HTML sanitization requires parsing and validating the HTML structure to prevent cross-site scripting attacks. Validating untrusted JSON involves parsing and verifying the JSON structure to ensure it is not malformed or contains unexpected data. Regular expressions are more suitable for simpler validation tasks like validating a username or a user's age.

    Rate this question:

  • 6. 

    Which JavaScript functions are so dangerous that they will automatically execute untrusted data as JavaScript code?

    • InnerHTML()

    • Eval()

    • Alert()

    • SetTimeout()

    • Text()

    • All of the above

    Correct Answer(s)
    A. InnerHTML()
    A. Eval()
    A. SetTimeout()
    Explanation
    The JavaScript functions innerHTML(), eval(), and setTimeout() are all potentially dangerous because they can automatically execute untrusted data as JavaScript code. The innerHTML() function can be used to dynamically modify the content of an HTML element, but if untrusted data is inserted into it, it can execute malicious code. The eval() function allows the execution of arbitrary JavaScript code, which can be a security risk if untrusted data is passed to it. The setTimeout() function can execute a piece of code after a specified time interval, and if untrusted data is used as the code to be executed, it can lead to security vulnerabilities.

    Rate this question:

Quiz Review Timeline (Updated): Mar 20, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jun 19, 2014
    Quiz Created by
    Drew_daniels
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.