Difference between Cross-site scripting and Cross-frame scripting

Often mistaken and confused with each other- Cross site scripting (XSS) and Cross frame scripting (XFS) Both seems to be very similar to each other, but they are not. Both are pole apart. One deals with malicious Javascript injection, other one is related to framing of a particular page under another page. The later one is more of a phising attack.
So,
XSS: Injection issue. Forced malicious javascript code execution in browser.

XFS: Phishing-like attack. Where a legitimate looking page is iframed inside a malicious website.

Countermeasure:

XSS: Input validation, Output encoding

XFS: Frame-busting code, so that the page can't be framed inside other websites.

Comments

Aeldra Robinson said…
Very nice post... Nicely explain difference between Cross-site scripting and Cross-frame scripting.
Cross Site Scripting

Popular posts from this blog

SQL Injection in search field

Nipper Download