Figure 8-22. Conducting the cross-site scripting attack
4. Now run the report you created earlier. You will find that it is impossible to
view the report, as you will keep getting redirected to the Google web site. You
have just successfully conducted the cross-site scripting attack.
To prevent the cross-site scripting attack, you have to do the following:
1. Edit the report you created earlier.
2. In the Page Rendering area, right-click on the NAME field and choose to edit it.
3. Set the Display Type field to Display As Text (escape special characters).
4. Save your changes and run the report one more time.
5. You will find that your report now displays; the JavaScript that you entered
earlier has been escaped appropriately and is now treated as report data rather
than code, as highlighted in the red box in Figure 8-23.
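
The effect of the Display Type change in step 3, shown as an added example (not code from the book or from APEX itself): the hypothetical `renderReport` function models the NAME column rendered raw and with special characters escaped, using constructed sample rows, and `hasInjectedMarkup` checks whether report data reached the page as markup.

```javascript
// Added illustration, not APEX source: models the NAME report column
// rendered raw versus with "Display As Text (escape special characters)".

// Characters that let data break out of an HTML text context.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Replace each special character with its entity so the browser displays
// it as literal text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical renderer: one table row per record, NAME column only.
// escapeSpecial=false models the unescaped display type from the attack;
// escapeSpecial=true models the setting chosen in step 3.
function renderReport(rows, escapeSpecial) {
  return rows
    .map((row) => {
      const cell = escapeSpecial ? escapeHtml(row.NAME) : String(row.NAME);
      return `<tr><td>${cell}</td></tr>`;
    })
    .join("\n");
}

// Defensive check: the renderer itself emits exactly four "<" per row
// (<tr>, <td>, </td>, </tr>), so any extra "<" came from report data.
function hasInjectedMarkup(html, rowCount) {
  return (html.match(/</g) || []).length !== 4 * rowCount;
}

// Constructed sample data: one ordinary name and one stored script value
// like the redirect described in the text.
const SAMPLE_ROWS = [
  { NAME: "Alice O'Neil" },
  { NAME: "<script>location.href='https://www.google.com'</script>" },
];

for (const escapeSpecial of [false, true]) {
  const html = renderReport(SAMPLE_ROWS, escapeSpecial);
  console.log(`escape=${escapeSpecial} injected=${hasInjectedMarkup(html, SAMPLE_ROWS.length)}`);
  console.log(html);
}
```

With escaping on, the stored value appears in the page source as `&lt;script&gt;...`, which the browser displays as text, and legitimate names containing an apostrophe still display correctly.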
 