

Showing posts from June, 2015

Difference between Cross-site scripting and Cross-frame scripting

Cross-site scripting (XSS) and cross-frame scripting (XFS) are often mistaken for and confused with each other. The two seem very similar, but they are not; they are poles apart. One deals with malicious JavaScript injection; the other is about framing a particular page inside another page. The latter is more of a phishing attack.

So:

XSS: Injection issue. Forced execution of malicious JavaScript code in the browser.

XFS: Phishing-like attack, where a legitimate-looking page is iframed inside a malicious website.

Countermeasures:

XSS: Input validation, output encoding.

XFS: Frame-busting code, so that the page can't be framed inside other websites.
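
The two countermeasures side by side, as an added example that is not part of the original post. The names `encodeHtml`, `bustFrame` and `renderPage` are hypothetical, and the sketch assumes the page is hidden by default and revealed only when it is the top-level window.

```javascript
// Added example; function names are hypothetical, sample inputs are constructed.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// XSS countermeasure (output encoding): untrusted text placed in an HTML body
// or quoted-attribute context is rendered as literal characters, not markup.
function encodeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// XFS countermeasure (frame-busting): the page ships hidden and is revealed
// only when it is the top-level window; if framed, it navigates the top
// window to itself. The window is a parameter so the logic can be unit-tested.
function bustFrame(win) {
  if (win.self === win.top) {
    win.document.documentElement.style.display = 'block';
    return false; // not framed
  }
  win.top.location = win.self.location.href;
  return true; // framed: content stays hidden while the top window navigates
}

// Renders a page that applies both: the frame-busting script runs in <head>,
// and the user-supplied comment is encoded before it reaches the markup.
function renderPage(comment) {
  return [
    '<!doctype html>',
    '<html><head>',
    '<style>html { display: none; }</style>',
    `<script>(${bustFrame})(window);</script>`,
    '</head><body>',
    `<p>${encodeHtml(comment)}</p>`,
    '</body></html>',
  ].join('\n');
}
```

Input validation, the other XSS countermeasure listed above, would sit in front of `renderPage` and is not shown here.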