
Ha.ckers.org:
XSS Cheatsheet (Examples)
May 20, 2005 @ 11:29:16

If you've been around web development for any length of time, then you've heard about some of the rather large security issues that have been floating around as of late. One of the more worrisome is XSS, or Cross-Site Scripting. This flaw in how sites handle untrusted input allows for some pretty mean little exploits if you're not coding to watch out for them. Thankfully, ha.ckers.org has come to the rescue with a full page of sample XSS hacks to be aware of.

Note from the author: If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate these risks or how to write the actual cookie/credential stealing portion of the attack. It will simply show the underlying attack vectors and you can infer the rest. I may add mitigation techniques or other forms of XSS like button/form overwriting later, since I haven't found many good resources on this topic thus far.

There are tons of them here, each one scary in its own right, making me want to go back and check every piece of code I've written. XSS hacks have the potential for being some of the most dangerous security issues out there, and, unfortunately, they're also some of the hardest to catch - but this page can help with some of that...
