Understanding Cross Site Scripting

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Drew_daniels
D
Drew_daniels
Community Contributor
Quizzes Created: 2 | Total Attempts: 1,065
Questions: 6 | Attempts: 862

SettingsSettingsSettings
Understanding Cross Site Scripting - Quiz

How well do YOU know XSS and how to defend against it? Let's give that a test!


Questions and Answers
  • 1. 

    What defense will best help stop Cross Site Scripting (XSS)?

    • A.

      Input Validation

    • B.

      Output Encoding

    • C.

      Cryptographic Tokens

    • D.

      Rate Throttling

    Correct Answer
    B. Output Encoding
    Explanation
    Output encoding is the best defense to help stop Cross Site Scripting (XSS). XSS attacks occur when an attacker injects malicious scripts into a website, which are then executed by the user's browser. Output encoding involves encoding special characters in the output to prevent them from being interpreted as code. This ensures that any user input is treated as data and not executable code, thus preventing XSS attacks. Input validation, cryptographic tokens, and rate throttling are important security measures, but they are not specifically designed to address XSS vulnerabilities.

    Rate this question:

  • 2. 

    For which input validation needs are regular expressions not enough?

    • A.

      File upload input

    • B.

      Validating a username

    • C.

      HTML Sanitization

    • D.

      Validating untrusted JSON

    • E.

      Validating a user's age

    Correct Answer(s)
    A. File upload input
    C. HTML Sanitization
    D. Validating untrusted JSON
    Explanation
    Regular expressions are not enough for input validation needs such as file upload input, HTML sanitization, and validating untrusted JSON because these tasks require more complex validation logic than what regular expressions can provide. File upload input validation involves checking the file type, size, and potentially scanning for malicious content. HTML sanitization requires parsing and validating the HTML structure to prevent cross-site scripting attacks. Validating untrusted JSON involves parsing and verifying the JSON structure to ensure it is not malformed or contains unexpected data. Regular expressions are more suitable for simpler validation tasks like validating a username or a user's age.

    Rate this question:

  • 3. 

    Which JavaScript functions are so dangerous that they will automatically execute untrusted data as JavaScript code?

    • A.

      InnerHTML()

    • B.

      Eval()

    • C.

      Alert()

    • D.

      SetTimeout()

    • E.

      Text()

    • F.

      All of the above

    Correct Answer(s)
    A. InnerHTML()
    B. Eval()
    D. SetTimeout()
    Explanation
    The JavaScript functions innerHTML(), eval(), and setTimeout() are all potentially dangerous because they can automatically execute untrusted data as JavaScript code. The innerHTML() function can be used to dynamically modify the content of an HTML element, but if untrusted data is inserted into it, it can execute malicious code. The eval() function allows the execution of arbitrary JavaScript code, which can be a security risk if untrusted data is passed to it. The setTimeout() function can execute a piece of code after a specified time interval, and if untrusted data is used as the code to be executed, it can lead to security vulnerabilities.

    Rate this question:

  • 4. 

    What is the best way to parse JSON in the browser?

    • A.

      JSON parsing plugin

    • B.

      JavaScript: JSON.parse

    • C.

      JavaScript: eval()

    • D.

      JavaScript: innerHTML()

    • E.

      Server-side outbound JSON validation

    Correct Answer
    B. JavaScript: JSON.parse
    Explanation
    The best way to parse JSON in the browser is by using the JavaScript function JSON.parse. This function allows the browser to convert a JSON string into a JavaScript object, making it easier to access and manipulate the data. Unlike the other options listed, JSON.parse is specifically designed for parsing JSON and is considered to be safer and more efficient than using eval() or innerHTML(). Server-side outbound JSON validation is not directly related to parsing JSON in the browser.

    Rate this question:

  • 5. 

    What is the best design for input validation?

    • A.

      Detecting attacks and rejecting them.

    • B.

      Setting a policy for good input and rejecting everything else.

    • C.

      Setting a policy for bad input and logging them.

    • D.

      None of the above

    Correct Answer
    B. Setting a policy for good input and rejecting everything else.
    Explanation
    Setting a policy for good input and rejecting everything else is the best design for input validation because it ensures that only valid and expected input is accepted, while rejecting any input that does not meet the defined criteria. This approach helps to prevent potential security vulnerabilities and protects the system from malicious attacks or unintended behavior caused by incorrect input. By defining a clear policy for what constitutes good input, the system can enforce strict validation rules and mitigate the risk of data corruption or unauthorized access.

    Rate this question:

  • 6. 

    Which of the following policies help stop cross-site scripting?

    • A.

      Content Transport Policy

    • B.

      Strict Content Policy

    • C.

      Content Security Policy

    • D.

      Content Policy Security

    Correct Answer
    C. Content Security Policy
    Explanation
    Content Security Policy is a policy that helps stop cross-site scripting. It is a security mechanism that allows website administrators to specify the types of content that a web browser should be allowed to load on their site. It helps prevent malicious scripts from being executed by only allowing trusted sources of content to be loaded. This policy helps protect against cross-site scripting attacks by limiting the ability of attackers to inject and execute malicious scripts on a website.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jun 19, 2014
    Quiz Created by
    Drew_daniels
Back to Top Back to top
Advertisement